To the troubles of America’s energy industry, battered by last year’s Hurricane Sandy, can be added a new threat: computer malware, an ominous portent for the U.S. power grid.
Apparently, in October 2012 malware infected a turbine control system at a U.S. power plant when a technician “unknowingly” inserted an infected USB drive into the network, keeping the plant offline for three weeks, according to a Voice of America report.
The ever vigilant Department of Homeland Security, while reporting the incident, did not identify the plant or the perpetrator. It did inform U.S. taxpayers that the malware was apparently generated by “criminal software” previously used to perpetrate financial crimes, including identity theft, adding that the software was introduced into the facility’s operating software by an employee of a third-party contractor that conducts business with the unnamed utility.
The DHS Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) reported the incident, which occurred in October 2012, along with a second “event” involving more sophisticated malware. In addition to not identifying the plants involved, a DHS spokesman declined to say where they are located.
The problem may well prove to be the tip of the iceberg, depending on who is behind the attacks, as many U.S. power plants’ essential infrastructure control systems run Windows XP and the much more elderly Windows 2000, the latter an operating system designed more than a decade ago, which has been notorious for its “bugs” and numerous hastily issued software “patches.” The more elderly Microsoft operating systems include “auto run” features which operate by default, making them a prime hacker target because malware can be loaded as soon as a USB drive is plugged into the system unless operators change the system’s settings.
And, despite the billions of dollars poured into the Department of Homeland Security since 9-11, the malware was discovered, according to the “ICS-CERT Monthly Monitor October/November/December 2012,” “when an employee asked company IT staff to inspect his USB drive after experiencing intermittent issues with the drive’s operation. The employee routinely used this USB drive for backing up systems configurations within the control environment. When the IT employee inserted the drive into a computer with up-to-date antivirus software, the antivirus software produced three positive hits. Initial analysis caused particular concern when one sample was linked to known sophisticated malware. Following analysis and at the request of the customer, an onsite team was deployed to their facility where the infection occurred.”
For better or worse, malware targeting power plants seems to be a growth area for 21st-century malcontents, whether private or governmental. Since the 2010 emergence of the Stuxnet malware, used to infiltrate Iran's civilian nuclear program and apparently designed to target Iranian centrifuges separating out uranium isotopes, malware targeting energy facilities has slowly emerged into the world media. Evidence has mounted that the United States and Israel were primarily responsible for Stuxnet. Adding to global anxieties, programming experts believe that hackers may now be copying the covert anarchic technology to develop their own viruses.
How serious a problem might hacking attacks against U.S. power plants become?
According to ICS-CERT, the agency responded to 198 cyber incidents reported by energy companies, public water districts and other infrastructure facilities in the fiscal year ending 30 Sept. 2012, and attacks against the energy sector represented 41 percent of the total number of incidents in fiscal 2012.
Something to think about the next time your lights flicker.
By John C.K. Daly of Oilprice.com