[ale] [OT]USB Storage Drive Loaded With Malware Shuts Down Power Plant

Matthew simontek at gmail.com
Sat Jan 19 00:00:41 EST 2013


How? The US Navy prohibits USB drives. For this reason, I figured it went
through all of the gov't. So I guess we are the only ones encrypting drives
too?

On Fri, Jan 18, 2013 at 11:06 PM, David Tomaschik
<david at systemoverlord.com> wrote:

> Hi Ron,
>
> You're making a big assumption here -- that the software on the computer
> can be updated.  Many SCADA applications are only validated on VERY
> specific configurations and aren't updated to every new version.  SCADA
> really shouldn't be on the internet, and workers really shouldn't be
> plugging flash drives into SCADA.
>
> David
>
>
> On Fri, Jan 18, 2013 at 5:27 PM, Ron Frazier (ALE) <
> atllinuxenthinfo at techstarship.com> wrote:
>
>> Hi all,
>>
>> Step 1 - configure basic os and operational software from trusted sources
>> Step 2 - configure av, but it has to be updated, which could be a problem
>> Step 3 - scan the machine
>> Step 4 - TURN AUTOPLAY OFF - applies to Linux too
>> Step 5 - backup the machine locally
>> Step 6 - backup the machine offsite, or at least in a second location in
>> a fireproof bunker
>> Step 7 - maybe make a master backup on an mdisc or something so it's
>> permanent
>> Step 8 - when the machine must be updated, scan the update media first on
>> a separate system with autoplay off
>> Step 9 - do the update and create a second set of backups
>> Step 10 - repeat until 3 - 6 entire sets of backups are in place
>>
>> OK I'm not a security guru and there are many variations on this theme.
>>  But, that wasn't TOO hard to figure out.  It wouldn't necessarily protect
>> too well against zero day exploits.  But, since I solved their problem, I
>> want their salary.
>>
>> Ron
>>
>>
>> Sergio Chaves <sergio.chaves at gmail.com> wrote:
>>
>> >
>> http://www.eweek.com/security/usb-storage-drive-loaded-with-malware-shuts-down-power-plant/?kc=EWKNLNAV01182013STR1
>> >
>> >Sometimes you just gotta say, WTF???
>> >
>> >"US-CERT, which is part of the U.S. Department of Homeland Security,
>> >declined to identify which power plant was affected, and did not say
>> >whether the facility was operating on nuclear or conventional power.
>> >Industrial control systems frequently use Windows-based computers to
>> >run their specialized software, but they rarely run antivirus software
>> >because these computers aren’t connected to outside networks. However,
>> >using a USB drive to perform updates is common on these systems."
>> >
>> >_______________________________________________
>> >Ale mailing list
>> >Ale at ale.org
>> >http://mail.ale.org/mailman/listinfo/ale
>> >See JOBS, ANNOUNCE and SCHOOLS lists at
>> >http://mail.ale.org/mailman/listinfo
>>
>>
>> --
>>
>> Sent from my Android Acer A500 tablet with bluetooth keyboard and K-9
>> Mail.
>> Please excuse my potential brevity.
>>
>> (To whom it may concern.  My email address has changed.  Replying to
>> former
>> messages prior to 03/31/12 with my personal address will go to the wrong
>> address.  Please send all personal correspondence to the new address.)
>>
>> (PS - If you email me and don't get a quick response, you might want to
>> call on the phone.  I get about 300 emails per day from alternate energy
>> mailing lists and such.  I don't always see new email messages very
>> quickly.)
>>
>> Ron Frazier
>> 770-205-9422 (O)   Leave a message.
>> linuxdude AT techstarship.com
>>
>>
>
>
>
> --
> David Tomaschik
> OpenPGP: 0x5DEA789B
> http://systemoverlord.com
> david at systemoverlord.com
>


-- 
SimonTek
912-398-6704
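
Added example, not part of the original thread: one way to pre-check update media on a separate system, as in Step 8 of the quoted list, before an antivirus scan. The vendor-supplied manifest of SHA-256 hashes, the extension list and the sample files are assumptions constructed for illustration.

```python
import hashlib
import os
import tempfile

# Extensions that can execute or auto-launch on Windows hosts (assumed list, extend as needed).
RISKY_EXT = {".exe", ".dll", ".scr", ".lnk", ".bat", ".cmd", ".vbs", ".js", ".inf", ".pif"}

def sha256_file(path):
    with open(path, "rb") as f:          # update media files are read whole here
        return hashlib.sha256(f.read()).hexdigest()

def audit_media(root, manifest):
    """Return sorted (relative_path, reason) findings for media mounted at root.
    manifest maps relative path -> expected SHA-256, obtained out of band (assumption)."""
    findings, seen = [], set()
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            seen.add(rel)
            expected = manifest.get(rel)
            if name.lower() == "autorun.inf":
                findings.append((rel, "autorun file"))      # never expected on update media
            elif expected is None:
                ext = os.path.splitext(name)[1].lower()
                kind = "unlisted executable" if ext in RISKY_EXT else "unlisted file"
                findings.append((rel, kind))
            elif sha256_file(full) != expected:
                findings.append((rel, "hash mismatch"))
    findings += [(rel, "missing from media") for rel in manifest if rel not in seen]
    return sorted(findings)

def demo():
    """Build a constructed sample 'drive' in a temp dir and audit it."""
    with tempfile.TemporaryDirectory() as root:
        samples = {"update/patch.bin": b"vendor patch", "notes.txt": b"hi",
                   "autorun.inf": b"[autorun]\nopen=x.exe\n", "x.exe": b"MZ"}
        for rel, data in samples.items():
            path = os.path.join(root, rel)
            os.makedirs(os.path.dirname(path), exist_ok=True)
            with open(path, "wb") as f:
                f.write(data)
        manifest = {"update/patch.bin": hashlib.sha256(b"vendor patch").hexdigest(),
                    "update/readme.txt": "0" * 64}   # listed but absent from the drive
        return audit_media(root, manifest)

if __name__ == "__main__":
    for rel, reason in demo():
        print(f"{reason:22} {rel}")
```

Run it against a read-only mount of the drive; an empty result means the media holds exactly the files the manifest lists, with matching hashes.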