HomeLatest ThreadsGreatest ThreadsForums & GroupsMy SubscriptionsMy Posts
DU Home » Latest Threads » Forums & Groups » Main » Latest Breaking News (Forum) » Malicious Virus Shuttered...

Wed Jan 16, 2013, 11:23 PM

Malicious Virus Shuttered U.S. Power Plant -DHS

Source: Reuters

Wed Jan 16, 2013 5:53pm EST

Jan 16 (Reuters) - A computer virus attacked a turbine control system at a U.S. power company last fall when a technician unknowingly inserted an infected USB computer drive into the network, keeping a plant off line for three weeks, according to a report posted on a U.S. government website.

The Department of Homeland Security report did not identify the plant but said criminal software, which is used to conduct financial crimes such as identity theft, was behind the incident.

It was introduced by an employee of a third-party contractor that does business with the utility, according to the agency.

DHS reported the incident, which occurred in October, along with a second involving a more sophisticated virus, on its website as cyber experts gather at a high-profile security conference in Miami known as S4 to review emerging threats against power plants, water utilities and other parts of the critical infrastructure.

In addition to not identifying the plants, a DHS spokesman declined to say where they are located.

Read more: http://www.reuters.com/article/2013/01/16/cybersecurity-powerplants-idUSL1E9CGFPY20130116

7 replies, 1648 views

Reply to this thread

Back to top Alert abuse

Always highlight: 10 newest replies | Replies posted after I mark a forum
Replies to this discussion thread

Response to Purveyor (Original post)

Wed Jan 16, 2013, 11:29 PM

1. Iranian centrifuge controls were hacked

It makes you wonder.

Reply to this post

Back to top Alert abuse Link here Permalink


Response to Purveyor (Original post)

Wed Jan 16, 2013, 11:30 PM

2. I guess it's too much to ask for computer security at these plants.

Autorun can be turned off just for starters.

Reply to this post

Back to top Alert abuse Link here Permalink


Response to Purveyor (Original post)

Thu Jan 17, 2013, 12:28 AM

3. We are suppposed to believe this?

No information, no independent confirmation, just TERRA TERRA TERRA?

Reply to this post

Back to top Alert abuse Link here Permalink


Response to Purveyor (Original post)

Thu Jan 17, 2013, 01:29 AM

4. Having worked as a contract programmer, I saw first hand how lax network security often is.

Several companies that allowed workstations access to the Internet, or allowed file transfers from external disks that were at some point connected to the Internet, were infected with viruses.

Some of these systems ran virus checkers. They proved to be mainly ineffective.

Any computers running critical software, like for a power station, should be on a separate network behind a secure firewall. There should be no other connection to the network except through the firewall.

What really irked me was how unconcerned the rest of the staff were about computer virus infection.

Reply to this post

Back to top Alert abuse Link here Permalink


Response to AdHocSolver (Reply #4)

Thu Jan 17, 2013, 12:12 PM

6. Why are GP computers being used for these tasks at all? /nt

 

Reply to this post

Back to top Alert abuse Link here Permalink


Response to TheMadMonk (Reply #6)

Sat Jan 19, 2013, 12:56 AM

7. Since you asked, when screwups happen that logically shouldn't happen, think "cheap".

The network server is often a retired computer running an old version of the operating system such as MS Windows.

It was used previously as a workstation and may already have been infected by a virus when it was given its new set of tasks to perform.

A programmer, possibly an intern, was given the task to clean up the retired computer and get it ready for its new use.

The manager in charge of the computer group often has only a business degree, maybe one course in programming, and his expertise about computer matters rests on his firm belief that the best programmer on his staff is the fastest typist. At least, that is how he rates his programmers at evaluation time.

This manager may have a technical assistant who would not be rated exceptional in any environment.

Even where the manager is an engineer, he often has few computer skills. I worked on a project for the engineering department of a large manufacturing company and had a really tough time convincing the manager that the first two computers that he gave me were defective. It took two weeks before he provided me with a third computer that actually worked properly.

The main job of a manager in most companies is to keep costs low. Neither quality nor safety is ever an issue.


Reply to this post

Back to top Alert abuse Link here Permalink


Response to Purveyor (Original post)

Thu Jan 17, 2013, 12:11 PM

5. Begs the question. Why are systems with extremely limited...

 

...control parameters that could easily be managed by discrete incorruptible dedicated control circuitry, instead run by systems designed to be as versatile as possible?

FFS, a turbine does not need to browse pornography, and it's operator should be wanking on his own time, not the company's.

If more complexity is needed, why not a Picaxe or Arduino style micro controler with ZERO, NO, NONE, NADA capability of remote reprogramability?

Reply to this post

Back to top Alert abuse Link here Permalink

Reply to this thread