Malware infects US power facilities through USB drives

ICS-CERT recommends power plants adopt new USB practices
  • Grant Gross (IDG News Service)
  • — 15 January, 2013 21:38

Two U.S. power companies reported infections of malware during the past three months, with the bad software apparently brought in through tainted USB drives, according to the U.S. Department of Homeland Security's Industrial Control Systems Cyber Emergency Response Team (ICS-CERT).

In one case, the industrial control system at a power generation facility was infected with "common and sophisticated malware" apparently through an employee's USB drive, according to the ICS-CERT Monitor for October to December 2012.

The publication did not name the malware discovered. The tainted USB drive came in contact with a "handful of machines" at the power generation facility and investigators found sophisticated malware on two engineering workstations critical to the operation of the control environment, ICS-CERT said.

Investigators didn't find malware on 11 other workstations examined, ICS-CERT said.

ICS-CERT recommended that the power facility adopt new USB use guidelines, including the cleaning of a USB device before each use.

In the second incident, a power company contacted ICS-CERT in early October to report a virus infection in a turbine control system. About 10 computers were affected, ICS-CERT said.

An outside technician used a USB drive to upload software updates during equipment upgrades, ICS-CERT said. The malware delayed the plant's reopening by three weeks, the organization said.

Grant Gross covers technology and telecom policy in the U.S. government for The IDG News Service. Follow Grant on Twitter at GrantGross. Grant's e-mail address is grant_gross@idg.com.

Tags: security, U.S. Department of Homeland Security, Exploits / vulnerabilities, industry verticals, energy, U.S. Industrial Control Systems Cyber Emergency Response Team

BlackBerry Hints at Complete End Point Security

READ THIS ARTICLE
DO NOT SHOW THIS BOX AGAIN [ x ]
Comments are now closed.
CSO Corporate Partners
  • Webroot
  • Trend Micro
  • NetIQ
rhs_login_lockGet exclusive access to CSO, invitation only events, reports & analysis.
CSO Directory

Web Aplication Security

Safeguard your websites against cyber attacks and data loss.

Latest Jobs
Security Awareness Tip

Incident handling is a vast topic, but here are a few tips for you to consider in your incident response. I hope you never have to use them, but the odds are at some point you will and I hope being ready saves you pain (or your job!).


  1. Have an incident response plan.

  2. Pre-define your incident response team 

  3. Define your approach: watch and learn or contain and recover.

  4. Pre-distribute call cards.

  5. Forensic and incident response data capture.

  6. Get your users on-side.

  7. Know how to report crimes and engage law enforcement. 

  8. Practice makes perfect.

For the full breakdown on this article

Security ABC Guides

Warning: Tips for secure mobile holiday shopping

I’m dating myself, but I remember when holiday shopping involved pouring through ads in the Sunday paper, placing actual phone calls from tethered land lines to research product stock and availability, and actually driving places to pick things up. Now, holiday shoppers can do all of that from a smartphone or tablet in a few seconds, but there are some security pitfalls to be aware of.