[ale] [OT]USB Storage Drive Loaded With Malware Shuts Down Power Plant

David Tomaschik david at systemoverlord.com
Fri Jan 18 23:06:04 EST 2013


Hi Ron,

You're making a big assumption here -- that the software on the computer
can be updated.  Many SCADA applications are only validated on VERY
specific configurations and aren't updated to every new version.  SCADA
really shouldn't be on the internet, and workers really shouldn't be
plugging flash drives into SCADA.

David


On Fri, Jan 18, 2013 at 5:27 PM, Ron Frazier (ALE) <
atllinuxenthinfo at techstarship.com> wrote:

> Hi all,
>
> Step 1 - configure basic os and operational software from trusted sources
> Step 2 - configure av, but it has to be updated, which could be a problem
> Step 3 - scan the machine
> Step 4 - TURN AUTOPLAY OFF - applies to Linux too
> Step 5 - backup the machine locally
> Step 6 - backup the machine offsite, or at least in a second location in a
> fireproof bunker
> Step 7 - maybe make a master backup on an mdisc or something so it's
> permanent
> Step 8 - when the machine must be updated, scan the update media first on
> a separate system with autoplay off
> Step 9 - do the update and create a second set of backups
> Step 10 - repeat until 3 - 6 entire sets of backups are in place
>
> OK I'm not a security guru and there are many variations on this theme.
>  But, that wasn't TOO hard to figure out.  It wouldn't necessarily protect
> too well against zero day exploits.  But, since I solved their problem, I
> want their salary.
>
> Ron
>
>
> Sergio Chaves <sergio.chaves at gmail.com> wrote:
>
> >
> >http://www.eweek.com/security/usb-storage-drive-loaded-with-malware-shuts-down-power-plant/?kc=EWKNLNAV01182013STR1
> >
> >Sometimes you just gotta say, WTF???
> >
> >"US-CERT, which is part of the U.S. Department of Homeland Security,
> >declined to identify which power plant was affected, and did not say
> >whether the facility was operating on nuclear or conventional power.
> >Industrial control systems frequently use Windows-based computers to
> >run their specialized software, but they rarely run antivirus software
> >because these computers aren’t connected to outside networks. However,
> >using a USB drive to perform updates is common on these systems."
> >
> >_______________________________________________
> >Ale mailing list
> >Ale at ale.org
> >http://mail.ale.org/mailman/listinfo/ale
> >See JOBS, ANNOUNCE and SCHOOLS lists at
> >http://mail.ale.org/mailman/listinfo
>
>
> --
>
> Sent from my Android Acer A500 tablet with bluetooth keyboard and K-9 Mail.
> Please excuse my potential brevity.
>
> (To whom it may concern.  My email address has changed.  Replying to former
> messages prior to 03/31/12 with my personal address will go to the wrong
> address.  Please send all personal correspondence to the new address.)
>
> (PS - If you email me and don't get a quick response, you might want to
> call on the phone.  I get about 300 emails per day from alternate energy
> mailing lists and such.  I don't always see new email messages very
> quickly.)
>
> Ron Frazier
> 770-205-9422 (O)   Leave a message.
> linuxdude AT techstarship.com
>
>
>



-- 
David Tomaschik
OpenPGP: 0x5DEA789B
http://systemoverlord.com
david at systemoverlord.com
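
An added example, not part of the original thread or written by either poster: a pre-check that could run on the separate scanning system from Step 8, alongside the AV scan, to list autorun.inf launch directives and executable files on update media before it goes near the target machine. It assumes the media is already mounted (ideally read-only) at a known path; the function names, the extension list and the sample media contents are constructed for illustration.

```python
import configparser
import os
import tempfile

# [autorun] keys that launch something on insertion, and extensions to review.
EXEC_KEYS = ("open", "shellexecute")
EXEC_EXTS = {".exe", ".scr", ".bat", ".cmd", ".lnk", ".pif", ".vbs", ".js"}


def parse_autorun(path):
    """Return the launch directives ({key: value}) found in one autorun.inf."""
    cp = configparser.ConfigParser(strict=False, interpolation=None)
    try:
        with open(path, encoding="latin-1") as fh:
            cp.read_string(fh.read())
    except configparser.Error:
        return {"unparsable": "review by hand"}
    for section in cp.sections():
        if section.lower() == "autorun":  # Windows matches section names case-insensitively
            return {k: v for k, v in cp[section].items() if k in EXEC_KEYS}
    return {}


def precheck_media(mount_point):
    """Walk mounted update media and list what needs review before it is used."""
    findings = []
    for root, _dirs, files in os.walk(mount_point):
        for name in files:
            rel = os.path.relpath(os.path.join(root, name), mount_point)
            if name.lower() == "autorun.inf":
                findings.append(("autorun", rel, parse_autorun(os.path.join(root, name))))
            elif os.path.splitext(name)[1].lower() in EXEC_EXTS:
                findings.append(("executable", rel, None))
    return sorted(findings, key=lambda f: f[1])


def build_sample_media(base):
    """Constructed sample standing in for a mounted USB drive (not real data)."""
    os.mkdir(os.path.join(base, "tools"))
    with open(os.path.join(base, "AUTORUN.INF"), "w") as fh:
        fh.write("[AutoRun]\nopen=tools\\setup.exe\nicon=vendor.ico\n")
    for parts in (("tools", "setup.exe"), ("update.bin",), ("readme.txt",)):
        open(os.path.join(base, *parts), "wb").close()
    return base


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        print(precheck_media(build_sample_media(tmp)))
```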