Forgot your password?
typodupeerror
Power Security Hardware

Malware Infects US Power Facilities Through USB Drives 136

Posted by Soulskill
from the under-your-thumbdrive dept.
angry tapir writes "Two U.S. power companies have reported infections of malware during the past three months, with the bad software apparently brought in through tainted USB drives, according to the U.S. Department of Homeland Security's Industrial Control Systems Cyber Emergency Response Team (ICS-CERT). The publication (PDF) did not name the malware discovered. The tainted USB drive came in contact with a 'handful of machines' at the power generation facility and investigators found sophisticated malware on two engineering workstations critical to the operation of the control environment, ICS-CERT said."
This discussion has been archived. No new comments can be posted.

Malware Infects US Power Facilities Through USB Drives

Comments Filter:
  • by jkrise (535370) on Wednesday January 16, 2013 @03:39AM (#42600851) Journal

    I can't help but laugh at the infantile levels of thinking and planning which goes into building secure infrastructure systems. Here's how I would do it:

    1. First, insulate critical infrastructure systems from the rest of the World. Don't install 'secure' routers or 'secure' firewalls. Simply insulate them. End of.

    2. Do not install any software (OS, database or application) that needs to be activated from the outside, or auto-updated from the outside.

    3. Do not ALLOW any USB based access to any of the networked machines, ever. If at all, the USB drive needs to be connected to a Linux machine, that does not auto-mount or run any auto-magic stuff. Then, any files that need to be sent to the server need to be quarantined prior to updating.

    4. Same goes for WiFi. Only allow mahcines with known, registered MAC addresses, after pre-auditing and authorising them.

    Dealing with the aftermath of such insecure architecture, without Solving them once and for all, is a criminal offence by the IT admins and must be prosecuted as such. Irrespective of the outcome or lack of any infections despite insecure architecture.

  • by Anonymous Coward on Wednesday January 16, 2013 @03:45AM (#42600875)

    the solution is to not use vulnerable crap like windows

    If the malicious code was embedded in the software which was intentionally installed, then exactly how would the choice of OS have fuck-all to do with it?

  • by thegarbz (1787294) on Wednesday January 16, 2013 @04:21AM (#42601011)

    1. hahahahahahhahahahahah. Ok in all seriousness that is not only laughable but often actually simply illegal. The modern control world will often mandate some form of external data transfer live directly from the control system, and this is before taking into account satellite operated systems and other potentially unmanned sites. If you think that an airgap from other networks is the end of the discussion you've effectively made all your solutions unworkable in the industry.

    Much debugging is done over the network looking at live data trends.
    Much maintenance is done over the network through the use of smart instruments and asset management systems.
    Much analysis and improvement to processes, reliability analysis of critical machinery, and other such activities are done in a way which require some connection to the control system.

    Not to mention that airgap gives people a hell of a false sense of security.

    2. This is not only a good idea, but it's actually also a requirement by many vendors.

    3. Unworkable. Engineers will have your balls in a vice before you get through the commissioning phase. Mainly because you won't get through the commissioning phase as something will be wrong and there's no way to get data on or off the machine in question. The idea of locking it down to prevent autoruns is good. Providing sterilised USB keys for use is good too. Most of the problems are brought in from home, not transferred between work machines and the process network.

    4. WiFi ... on a process network? Dear god why! WiFi used for field devices should sit on their own isolated network with very careful and selective routing only to the aforementioned non-airgapped process network.

  • Re:Why the hell (Score:4, Interesting)

    by c0lo (1497653) on Wednesday January 16, 2013 @04:25AM (#42601023)

    ... would any machine running Windows be attached to or associated with anything that was critical to the operation of a power plant?!

    Just in case you are scared about power plants failures - don't! There are much better things to be worried about.

    For example - only a bit more that 4 years ago, the UK Navy finished retrofitting its nuclear subs with... Window XP and 2000! [tomshardware.com] For sensors and weapons control no less. At the time, /.ers coined a new meaning for the BSOD [slashdot.org].

"An open mind has but one disadvantage: it collects dirt." -- a saying at RPI

Working...