http://digital-intifada.blogspot.com/2012/04/digital-intifada-exclusive-interview.html

Thursday, 17 January 2013

American power plant shut down by cyber attack


American power plant shut down by cyber attack

Two U.S. power plants have been infected with computer viruses - and one was shut down by a malicious software infection carried into its control systems on USB sticks.

Two U.S. power plants have been infected with computer viruses - and one was shut down by a malicious software infection carried into its control systems on USB sticks.

Industrial control systems are usually disconnected from the internet for safety reasons - but 'crimeware' carried on USB sticks prevented one plant from opening for three weeks, and infected turbine control systems at another plant in October.

The cases were reported by the U.S. Department of Homeland Security's Cyber Emergency Response Team - which predicted a rise in such infections.

Malicious software can in theory be used to 'remote control' industrial systems - or even cause physical damage by making systems operate wrongly.


Concerns have been raised over the safety of industrial control systems after the discovery of a worm, Stuxnet, in 2010, which appeared to have been built to cause damage to Iran's Busehr nuclear plant. 

In the first case, according to the Cyber Emergency Response team, "a handful of machines had likely had contact with the tainted USB drive." 

"The team discovered signs of the sophisticated malware on two engineering workstations, both critical to the operation of the control environment."

The second infection was carried into a plant by a technician and infected turbine control systems.

It's not clear what particular malware packages infected the machines. 

The Stuxnet worm raised concerns over the vulnerability of industrial systems when it was discovered in computers at Iran's Busehr plant in 2010.

Stuxnet was designed to make centrifuges at the plant spin out of control, damaging them beyond repair - it was built specifically to spread to industrial computer systems, carried on USB sticks or infected laptops. 

Other tests showed that attacks on similar ‘programmable logic controllers’ - simple computer systems used to control industrial systems - could cause damage in the real world. 

In November 2011, security researchers in America showed that some computer controlled cell doors in prisons could be opened remotely via the internet. 

Earlier tests in 2007 proved that hackers could overwhelm a diesel generator, causing it to self destruct.

At the time, the U.S. government described such cyber attacks as ‘a new kind of weapon’.

No comments:

Post a Comment