Malware Infecting US Power Plant SCADA Systems

Critical power generation systems inside two US power plants were infected with “known sophisticated malware” that spreads via USB drives, reports the US Department of Homeland Security’s Industrial Control Systems Cyber Emergency Response Team (ICS-CERT).

The malware, which the team didn`t name, infected a handful of machines during a software update initiated by an outside technician. With supervisory control and data acquisition (SCADA) systems vital in flipping switches and turning dials inside power plans, remote access to such equipment could enable a saboteur or hacker to cause serious infrastructure damage.

“When the IT employee inserted the drive into a computer with up-to-date antivirus software, the antivirus software produced three positive hits,” according to the ICS-CERT report. “Initial analysis caused particular concern when one sample was linked to known sophisticated malware.”

Because the incident resulted in three weeks of downtime at the power plant, ICS-CERT advised that a strict restriction to vital systems and USB drives needs to be in place to prevent future infections. Even if SCADA systems lack an internet connection, they can still be exposed to malware.

Having no backups in place, the compromised workstations would have suspended normal power plant operations for a long time in the event of an “ineffective or failed cleanup.” With SCADA systems compromised in the past by Stuxnet or Flamer, ICS-CERT believes new security measures should be set in place.