Power plants struck by USB malware

Two US power plants were infected with malware from USB drives last year, according to the US Industrial Control Systems Cyber Emergency Response Team (ICS-CERT), adding to growing concerns about the safety of key infrastructure.

Two US power plants were infected with malware from USB drives last year, according to the US Industrial Control Systems Cyber Emergency Response Team (ICS-CERT), adding to growing concerns about the safety of key infrastructure.

 
ICS-CERT said the plants were the target of “sophisticated” attacks, adding that they are common, and warning that such attacks are expected to increase.
 
The malware found its way onto the control systems for the power plants through USB drives, with one technician unwittingly uploading the virus while attempting to make software updates. Another employee reported problems with his USB drive, used to back up control systems configurations, and IT staff found that it also contained malware.
 
 Power plants struck by USB malware
 
The affected systems had to be taken offline for roughly three weeks to sort out the problems, giving an inkling into the potential chaos and destruction such cyber attacks on important facilities can achieve.
 
The security officials did not reveal anything about the nature of the malware, such as whether or not it was designed to cause havoc or for espionage. Malware has become a major new tool of war in recent years, with the Stuxnet virus causing significant damage to Iran's nuclear facilities.
 
A growing number of attacks on power grids, water plants, oil rigs and similarly vital infrastructure has caused many governments to step up cyber defence plans. These latest attempts show that more attention will need to be paid to the use of USB drives, which have previously been used to infect consumer PCs with viruses.
 
Source: BBC
Image Credit: Geograph.org.uk