Two U.S. power companies reported infections of malware during the past three months, with the bad software apparently brought in through tainted USB drives, according to the U.S. Department of Homeland Security’s Industrial Control Systems Cyber Emergency Response Team (ICS-CERT).
In one case, the industrial control system at a power generation facility was infected with “common and sophisticated malware” apparently through an employee’s USB drive, according to the ICS-CERT Monitor for October to December 2012.
The publication did not name the malware discovered. The tainted USB drive came in contact with a “handful of machines” at the power generation facility and investigators found sophisticated malware on two engineering workstations critical to the operation of the control environment, ICS-CERT said.
Investigators didn’t find malware on 11 other workstations examined, ICS-CERT said.
ICS-CERT recommended that the power facility adopt new USB use guidelines, including the cleaning of a USB device before each use.
In the second incident, a power company contacted ICS-CERT in early October to report a virus infection in a turbine control system. About 10 computers were affected, ICS-CERT said.
An outside technician used a USB drive to upload software updates during equipment upgrades, ICS-CERT said. The malware delayed the plant’s reopening by three weeks, the organization said.