The US Department of Homeland Security’s Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) has reported that two US power stations were attacked and infected by malware in the last quarter of 2012.
The experts blamed virus-laden USB flash drives for infecting and compromising the industrial control systems in both cases. The names of the infected power plants were not mentioned in the released report.
The first case came to light when an engineer realized that the USB flash drive he used to back up control system settings had become suspect. The engineer then referred the case to the station’s IT department, which found three different pieces of malware after scanning the drive.
The second case came to notice when another USB drive was scanned. This time an outside contractor was blamed for plugging in the USB drive and unintentionally spreading the malware to more than 10 computers at that power station.
ICS-CERT reports that with confirmation that the sophisticated malware existed on the two engineering workstations, attention shifted quickly to the remaining eleven operator stations in the control environment. Manual analysis using the known characteristics of the malware revealed no signs of the malicious software on these operator stations.
After the onsite visit, ICS-CERT had two primary goals for assisting the organization:
Identify effective and safe cleaning procedures that could be used to remove the remaining malicious artifacts.
Identify best practices to prevent and detect future malware infections in this organization’s control environment.
ICS-CERT is educating and updating power station operators all over the US about the dangerous outcomes of malware and of using USB flash drives in industrial control system environments. For more information on the case and on ICS-CERT’s research into SCADA security, click here.