U.S. power plants combat USB malware infections

How can you bring down a critical part of a country's infrastructure? Introduce an infected USB drive into the system.

According to the U.S. Department of Homeland Security's Industrial Control Systems Cyber Emergency Response Team (ICS-CERT), two power plants in the three months leading to the end of 2012 reported infections -- a number which is likely to rise in the coming year unless we begin taking cybersecurity threats to our infrastructure more seriously.

The ICS-CERT Monitor report (.pdf) states that both "common and sophisticated" malware was found at a power generation facility in one case, discovered after an employee had issues connecting a USB drive to a workstation.

Although the type of malware wasn't revealed, the report mentions that "the employee routinely used this USB drive for backing up control systems configurations within the control environment," which could prove to be a loophole hackers could routinely exploit to connect with the most important systems within a power plant. In addition, ICS-CERT said that sophisticated malware was found on two engineering-based workstations that are "critical" to the control of the power station.

A lesson to be learnt in this case: neither workstation had viable backups, and unless the infection was properly removed, it could have seriously hampered the plant's operations.

Although malware was not found on 11 other workstations examined, unless security is tightened when it comes to USB storage systems, there is no reason why external drives could not be used to transport such malware, and human error could become the core reason a plant is infected.

In the second case documented by the report, a power company reported a viral infection in a turbine control system which hampered the performance of roughly ten computers within its control network. After a third-party technician used a USB drive to upgrade software when equipment was being renewed, the malware took hold. As a result, the plant's reopening was delayed for three weeks.

ICS-CERT suggests that a common-sense approach is the best method to try and combat USB-borne infections. Adopting new USB guidelines, maintaining the cleaning of a device before use -- including write-once media like DVDs -- should be compulsory, and antivirus software should be kept up-to-date. If a simple USB stick can cause a power station to go down, as cyberattacks become more sophisticated, basic protocols have to be in place in order to protect critical infrastructures that keep cities moving.