Want to Keep a Power Plant from Resuming Operation? Just Bring a Flash Drive
Posted on January 17, 2013 11:22 AM by Rob Williams
In an age where we seem to be on high alert at all times, isn’t it a bit silly to imagine being able to waltz into a power plant and compromise part of its operation with the help of a simple flash drive? Yes – it is silly, but sillier still is that it’s happened.
According to the Department of Homeland Security, an outside contractor for a power plant plugged a malware-infested USB thumb drive with an ID-theft edge into a PC and executed its goods. In total, 10 PCs were infected – but that’s just the beginning. At the time of this event, the plant had been down for upgrades. Because of the hassles caused, it took an additional three weeks to get things back up in action. All because someone plugged in a thumb drive and ran its software.
This isn’t the first time something like this happened, and it sure won’t be the last. In fact, the same article published by USA Today noted that a second facility was hit in a similar manner. There, an employee decided to get IT to check out their thumb drive, and lo and behold, it was infected. In both of these cases, it seems that out-of-date anti-virus protection was the root cause (you know, aside from the person actually causing the problems).
It’s a little mind-boggling when you think about it. You’d imagine that a power plant would have its operations in order enough where an oversight like this wouldn’t happen – but no. Updating anti-virus software – or anti-malware software at all – is about as common as computing itself. I hate to imagine how much money was wasted due to someone’s negligence.