• 4 minutes England Running Out of Water?
  • 7 minutes Trump to Make Allies Pay More to Host US Bases
  • 10 minutes U.S. Shale Output may Start Dropping Next Year
  • 14 minutes Washington Eyes Crackdown On OPEC
  • 39 mins One Last Warning For The U.S. Shale Patch
  • 3 hours Oil Slips Further From 2019 Highs On Trade Worries
  • 23 hours Once Upon A Time... North Korea Abruptly Withdraws Staff From Liaison Office
  • 16 hours Modular Nuclear Reactors
  • 1 day Poll: Will Renewables Save the World?
  • 1 hour Climate change's fingerprints are on U.S. Midwest floods
  • 2 days Chile Tests Floating Solar Farm
  • 45 mins Telsa Sales in Europe
  • 22 mins 3 Pipes: EPIC 900K, CACTUS II 670K, GREY OAKS 800K
  • 2 hours Read: OPEC THREATENED TO KILL US SHALE
  • 2 days China's Expansion: Italy Leads Europe Into China’s Embrace
  • 2 days China's E-Buses Killing Diesel Demand
  • 2 days Trump sells out his base to please Wallstreet and Oil industry
  • 2 days New Rebate For EVs in Canada
Alt Text

Markets Brace For U.S. Decision On Iran Sanction Waivers

Several factors are creating upward…

Alt Text

Why No One Is Interested In Building EV Infrastructure

Nowadays, it seems like everyone…

Alt Text

Exxon Shale Deal With Algeria Falls Victim To Protests

Widespread anti-government protests in Algeria…

John Daly

John Daly

Dr. John C.K. Daly is the chief analyst for Oilprice.com, Dr. Daly received his Ph.D. in 1986 from the School of Slavonic and East European…

More Info

Trending Discussions

Malicious Software Threatens U.S. Power Plants

In America’s energy industry, batted by last year’s Hurricane Sandy, can be added a new threat – computer malware, an ominous portent for the U.S. power grid.

Apparently, in October 2012 a computer malware virus invaded a turbine control system at a U.S. power plant, when a technician “unknowingly” inserted an infected USB computer drive into the network, keeping a plant off line for three weeks according to a Voice of America report.

The ever vigilant Department of Homeland Security, while reporting the incident, did not identify the plant or the perpetrator, but did inform the U.S. taxpayers that the malware was apparently generated by “criminal software,” which has been previously used to perpetrate financial crimes, including as identity theft, adding that the software was introduced into the facility’s operating software by an employee of a third-party contractor that conducts business with the unnamed utility.
      
The DHS Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) reported the incident, which occurred in October 2012, along with a second “event” involving a more sophisticated malware software virus. In addition to not identifying the plants involved, a DHS spokesman declined to say where they are located.

Relevant Article: Rail and Pipelines Merge in Oil Transit Bonanza

The problem may well prove to be the tip of the iceberg, depending on who is behind the attacks, as many U.S. power plants essential infrastructure control systems run Windows XP and the much more elderly Windows 2000, the latter an operating system designed more than a decade ago, which has been notorious for its “bugs” and numerous hastily issued software “patches.” The more elderly Microsoft software programs include “auto run” features which operate by default, making them a prime hacker target because malware can be loaded as soon as a USB is plugged into the system unless operators change the system’s settings.

And, despite the billions of dollars poured into the Department of Homeland Security since 9-11, the malware was discovered according to the “ICS-CERT Monthly Monitor October/November/December 2012” “when an employee asked company IT staff to inspect his USB drive after experiencing intermittent issues with the drive’s operation. The employee routinely used this USB drive for backing up systems configurations within the control environment. When the IT employee inserted the drive into a computer with up-to-date antivirus software, the antivirus software produced three positive hits. Initial analysis caused particular concern when one sample was linked to known sophisticated malware. Following analysis and at the request of the customer, an onsite team was deployed to their facility where the infection occurred.”

Relevant Article: Strategies to Bring Reliable Electricity to India

For better or worse, malware targeting power plants seems to be a growth area of the 21st century malcontents, whether private or governmental. Since the 2010 emergence of the Stuxnet malware computer virus, used to infiltrate Iran's civilian nuclear program, apparently designed to target Iranian uranium centrifuges separating out uranium isotopes, malware Internet computer viruses targeting energy facilities have slowly emerged into the world media. Evidence has mounted that the United States and Israel were primarily responsible for Stuxnet. Adding to global anxieties, programming experts believe that hackers may now be copying the covert anarchic technology to develop their own viruses.

How serious a problem might hacking attacks against U.S. power plants become?

According to ICS-CERT, the agency responded to 198 cyber incidents reported by energy companies, public water districts and other infrastructure facilities in the fiscal year ending 30 Sept. 2012 and attacks against the energy sector represented 41 percent of the total number of incidents in fiscal 2012.

Something to think about the next time your lights flicker.

By. John C.K. Daly of Oilprice.com




Download The Free Oilprice App Today

Back to homepage

Trending Discussions


Leave a comment
  • David B. Benson on January 20 2013 said:
    Then stop using 'Windows' for those applications.
  • Tuna on January 22 2013 said:
    They should hire Iran to solve this problem on account of their expertise.

Leave a comment




Oilprice - The No. 1 Source for Oil & Energy News