Computer virus switches off US power plant

News 17 Jan, 2013

The US Department of Homeland Security claims power station was taken offline for several weeks following attack.

A computer virus attacked a turbine control system at a US power company when a technician unwittingly inserted an infected USB drive into the network, it has been claimed.

The virus is reported to have knocked out the plant for three weeks, according to a post on a US government website.

The Department of Homeland Security (DHS) report did not identify the plant but said criminal software, which is used to conduct financial crimes such as identity theft, was behind the incident.

It was introduced by an employee of a third-party contractor that does business with the utility, according to the agency.

DHS reported the incident, which occurred in October, along with a second involving a more sophisticated virus, on its website as cyber experts gather at a high-profile security conference in Miami known as S4 to review emerging threats against power plants, water utilities and other parts of the critical infrastructure.

In addition to not identifying the plants, a DHS spokesman declined to say where they are located.

Interest in the area has surged since 2010 when the Stuxnet computer virus was used to attack Iran's nuclear program. Although the United States and Israel were widely believed to be behind Stuxnet, experts believe that hackers may be copying the technology to develop their own viruses.

Justin W. Clarke, a security researcher with a firm known as Cylance that helps protect utilities against cyber attacks, noted that experts believe Stuxnet was delivered to its target in Iran via a USB drive.

Attackers use that technique to place malicious software on computer systems that are "air gapped," or cut off from the public Internet.

"This is yet another stark reminder that even if a true ‘air gap' is in place on a control network, there are still ways that malicious targeted or unintentional random infection can occur," he said.

The Department of Homeland Security's Industrial Control Systems Cyber Emergence Response Team (ICS-CERT), which helps protect critical US infrastructure, described the incident in a quarterly newsletter on Wednesday.

The report from ICS-CERT described a second incident which recently sent technicians to clean up computers infected by common and "sophisticated" viruses on workstations that were critical to the operations of a power generation facility.

The report did not say who was behind the virus or if it was capable of sabotage. DHS uses the term "sophisticated" to describe a wide variety of malicious software that is designed to do things besides commit routine cyber crimes. They include viruses capable of espionage and sabotage.

A DHS spokesman could not immediately be reached to comment on the report.