[ale] [OT] USB Storage Drive Loaded With Malware Shuts Down Power Plant

Ron Frazier (ALE) atllinuxenthinfo at techstarship.com
Fri Jan 18 20:27:39 EST 2013


Hi all,

Step 1 - configure basic OS and operational software from trusted sources
Step 2 - configure AV, but it has to be updated, which could be a problem
Step 3 - scan the machine
Step 4 - TURN AUTOPLAY OFF - applies to Linux too
Step 5 - backup the machine locally
Step 6 - backup the machine offsite, or at least in a second location in a fireproof bunker
Step 7 - maybe make a master backup on an mdisc or something so it's permanent
Step 8 - when the machine must be updated, scan the update media first on a separate system with autoplay off
Step 9 - do the update and create a second set of backups
Step 10 - repeat until 3 - 6 entire sets of backups are in place

OK, I'm not a security guru and there are many variations on this theme. But, that wasn't TOO hard to figure out. It wouldn't necessarily protect too well against zero day exploits. But, since I solved their problem, I want their salary.

Ron


Sergio Chaves <sergio.chaves at gmail.com> wrote:

>http://www.eweek.com/security/usb-storage-drive-loaded-with-malware-shuts-down-power-plant/?kc=EWKNLNAV01182013STR1
>
>Sometimes you just gotta say, WTF???
>
>"US-CERT, which is part of the U.S. Department of Homeland Security,
>declined to identify which power plant was affected, and did not say
>whether the facility was operating on nuclear or conventional power.
>Industrial control systems frequently use Windows-based computers to
>run their specialized software, but they rarely run antivirus software
>because these computers aren’t connected to outside networks. However,
>using a USB drive to perform updates is common on these systems."


--

Sent from my Android Acer A500 tablet with bluetooth keyboard and K-9 Mail.
Please excuse my potential brevity.

(To whom it may concern.  My email address has changed.  Replying to former
messages prior to 03/31/12 with my personal address will go to the wrong
address.  Please send all personal correspondence to the new address.)

(PS - If you email me and don't get a quick response, you might want to
call on the phone.  I get about 300 emails per day from alternate energy
mailing lists and such.  I don't always see new email messages very quickly.)

Ron Frazier
770-205-9422 (O)   Leave a message.
linuxdude AT techstarship.com
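
An added example, not part of the message above: one way to do the pre-check from Step 8 on a separate Linux system with autoplay off, by walking the mounted update media and listing any `autorun.inf` launch entries and executable files before the media goes near the control machine. The extension watch list and the sample media are assumptions constructed for illustration, and the check complements the AV scan rather than replacing it.

```python
import os
import tempfile

# Assumed watch list: file types Windows will execute or hand to a script host.
RISKY_EXT = {".exe", ".scr", ".com", ".bat", ".cmd", ".pif", ".vbs", ".js", ".lnk", ".dll"}
LAUNCH_KEYS = ("open", "shellexecute")  # autorun.inf keys that name a program to start

def parse_autorun(path):
    """Return the (key, value) launch entries declared in an autorun.inf file."""
    commands = []
    with open(path, "r", encoding="latin-1") as fh:
        for line in fh:
            line = line.strip()
            if not line or line.startswith((";", "[")) or "=" not in line:
                continue
            key, value = (part.strip() for part in line.split("=", 1))
            key = key.lower()
            if key in LAUNCH_KEYS or (key.startswith("shell\\") and key.endswith("\\command")):
                commands.append((key, value))
    return commands

def audit_media(root):
    """Walk mounted update media; list autorun triggers and executable files."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root)
            if name.lower() == "autorun.inf":
                for key, value in parse_autorun(full):
                    findings.append(("autorun", rel, f"{key}={value}"))
            elif os.path.splitext(name)[1].lower() in RISKY_EXT:
                findings.append(("executable", rel, ""))
    return sorted(findings)

def build_sample(root):
    """Constructed sample media: a vendor file, an autorun.inf and the program it names."""
    os.makedirs(os.path.join(root, "RECYCLER"))
    files = {"firmware_v2.bin": b"\x00" * 16, "RECYCLER/setup.exe": b"MZ",
             "AUTORUN.INF": b"[autorun]\r\nopen=RECYCLER\\setup.exe\r\nicon=drive.ico\r\n"}
    for rel, data in files.items():
        with open(os.path.join(root, rel), "wb") as fh:
            fh.write(data)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as media:
        build_sample(media)
        for finding in audit_media(media):
            print(finding)
```

An empty result only means nothing on the media matched the watch list; anything listed needs an explanation from the update's vendor before the media is used.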