Two unnamed U.S. power plants fell victim to cyber attacks after viruses and malware were found on computers in the plants. Both incidents were reported in a newsletter from the U.S. Industrial Control Systems Cyber Emergency Response Team (ICS-CERT), a section of the U.S. Department of Homeland Security.
The first incident was discovered when an employee was having trouble with his USB drive and asked an IT person to take a look. IT staff inserted the drive into a computer with up-to-date antivirus software, and the software made three positive hits: two for common malware and one for a sophisticated virus.
Several more computers were inspected, and two came up positive for the sophisticated malware. The two computers had no backup, and a failed cleanup would have impaired their operations, the newsletter said.
The report did not say whether the computers had up-to-date antivirus software, but it did say that current software would have found the malware.
“While the implementation of an antivirus solution presents some challenges in a control system environment, it could have been effective in identifying both the common and the sophisticated malware discovered on the USB drive and the engineering workstations,” the newsletter said.
In early October 2012, another power company reported ten computers that were infected with a virus after a worker unknowingly used an infected USB drive to upload software updates during a scheduled outage for equipment upgrades. The computers were part of the plant’s turbine control system, and the infection delayed the restart of the plant by three weeks.
ICS-CERT says plant owners and operators should “develop and implement baseline security policies for maintaining up-to-date antivirus definitions.”