
Origin of the attacks was not revealed

Illustrating why it might be a good idea to ban external media, particularly in high-security environments, the U.S. Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) -- a sub-agency of the U.S. Department of Homeland Security (DHS) -- released a newsletter this week revealing that two power plants in the U.S. suffered malware infections last year thanks to infected thumb drives.

ICS-CERT officials write:

[In the first incident] the malware was discovered when an employee asked company IT staff to inspect his USB drive after experiencing intermittent issues with the drive's operation.  The employee routinely used this USB drive for backing up control systems configurations within the control environment.
....
[During the second incident] a third-party technician used a USB-drive to upload software updates during a scheduled outage for equipment upgrades.  Unknown to the technician, the USB-drive was infected with crimeware.  
The infection resulted in downtime for the impacted systems and delayed the plant restart by approximately three weeks.

Most power providers in the U.S. are privately owned, so the government does not have the ability to dictate their security practices.  But in its newsletter it firmly suggests adopting stricter restrictions on external media, commenting, "Such practices will mitigate many issues that could lead to extended system downtime."

[Image: Coal power station] A pair of breaches at U.S. power plants in 2012 via USB sticks highlights the growing danger to the U.S. power grid. [Image Source: Reuters]

The U.S. federal government knows a thing or two about the dangers of external media and writeable media.  In 2008, the Pentagon suffered a major cyberattack that originated from a single USB stick plugged into a secured system.  The malware, believed to have originated in Russia, quickly spread, compromising systems.  

And in perhaps the most severe data loss incident in U.S. history, U.S. SPC Bradley Manning, a low-ranking U.S. Army Officer, downloaded hundreds of thousands of classified documents and burned them to a CD-RW.  He then allegedly passed the documents to Wikileaks, a site that has fixated on publishing supposedly "incriminating" material on the U.S. government.

The recent report on the power plant hacks did not mention where the malware appeared to originate from or the extent of the compromise.  The specific malware used in each intrusion was also not revealed.  

Chinese university researchers have published information suggesting an attack scheme in which malware is planted on power plant systems, only to be activated at a later date, causing catastrophic failures of the power grid and crippling the nation in a war scenario.  In 2011 there was an alleged security breach at a wind power facility in the U.S., but that was believed to be the work of a disgruntled employee.

Source: US ICS-CERT




power plants
By Argon18 on 1/18/2013 12:49:15 PM , Rating: 3
This article isn't that helpful since it doesn't describe the systems in any detail. But I can tell you as a fact that 100% of nuclear power generation in the US is managed by Tandem NonStop servers running the NSK operating system. Any Windows machines are in a minor ancillary role, and the management of the reactor is handled purely by the secure and reliable NSK servers. Same is true for the stock exchanges, and other critical infrastructure. They are safe from viruses because they don't use a Microsoft OS.




Copyright 2014 DailyTech LLC.