Malicious virus shuttered U.S. power plant

Professional Engineer & PE Exam Forum

Help Support Professional Engineer & PE Exam Forum:

This site may earn a commission from merchant affiliate links, including eBay, Amazon, and others.
Capt Worley PE

Capt Worley PE

Run silent, run deep
Joined
May 4, 2007
Messages
13,369
Reaction score
649
Location
SC
First I heard of this. Sounds like they are keeping the cards close on this one.

http://www.reuters.com/article/2013/01/16/cybersecurity-powerplants-idUSL1E9CGFPY20130116

Jan 16 (Reuters) - A computer virus attacked a turbine control system at a U.S. power company last fall when a technician unknowingly inserted an infected USB computer drive into the network, keeping a plant off line for three weeks, according to a report posted on a U.S. government website.

The Department of Homeland Security report did not identify the plant but said criminal software, which is used to conduct financial crimes such as identity theft, was behind the incident.

It was introduced by an employee of a third-party contractor that does business with the utility, according to the agency.

DHS reported the incident, which occurred in October, along with a second involving a more sophisticated virus, on its website as cyber experts gather at a high-profile security conference in Miami known as S4 to review emerging threats against power plants, water utilities and other parts of the critical infrastructure.

In addition to not identifying the plants, a DHS spokesman declined to say where they are located.
Click to expand...
Not good at all.

 
Off-line isn't as scary as on-line with an agenda. Actually SCADA security is huge these days as people are finding that much of the hardware and software isn't that secure. Most SCADA system use security by isolation but ignore the whole fact that USB drives are a staple that will bridge the system to the outside world. I've heard plenty of stories of integrators inadvertently infecting customer sites but usually it's just a run of the mill virus. Ever since the Stuxnet virus though the controls industry has had to take a harder look at their security. Counting on a system being an island and ignorance of PLC platforms isn't going keep sites safe any longer.

 
Excellent points Niki. I work for a utility and we count on the air-gap as a major part of our SCADA security, but having the ability to bridge that gap with an unintentional usb infection could be disasterous to our system...

 
Just curious, what are you afraid of them doing online with an agenda? According to the report the virus was in the turbine control system. . .at worst I can see the turbine control system being disabled could cause a catastrophic failure of the turbine--which could cause a lot of damage and loss of life, but it should be contained to the local area of the plant.

Now, if they're able to take over several plants at once--that could cause widespread problems.

 
I think what she is saying is if they could implant the virus in several plants and/or SCADA systems and have a timed event, say March 15th 12 noon CST(et tu brutus), and have all the viruses attack at this given time, it could bring down the grid...

 
KNINE OUTDOORS Screwdriver Set Engineering Repair Kit Maintenance Tools Durable Construction Accessories with Ratcheting Wrench Rubber Mallet Bits Wrenches Adapters Pin Punches, 100 Set
$54.97
KNINE OUTDOORS Screwdriver Set Engineering Repair Kit Maintenance Tools Durable Construction Accessories with Ratcheting Wrench Rubber Mallet Bits Wrenches Adapters Pin Punches, 100 Set Knine Outdoors
EAI 560439 Texas Instruments TI-36X Pro Scientific Calculator Small
$28.05
EAI 560439 Texas Instruments TI-36X Pro Scientific Calculator Small Smart Toners
EFFICERE 22-Ounce All Steel Rock Pick Hammer with Pointed Tip, 11-Inch Overall Length | Essential for Geological Study, Rock Hounding, Prospecting, Mining, Fossil Dig, Masonry Related and Much More
$13.99
EFFICERE 22-Ounce All Steel Rock Pick Hammer with Pointed Tip, 11-Inch Overall Length | Essential for Geological Study, Rock Hounding, Prospecting, Mining, Fossil Dig, Masonry Related and Much More Efficere Tools
Calculated Industries 4065 Construction Master Pro Advanced Construction Math Feet-inch-Fraction Calculator for Contractors, Estimators, Builders, Framers, Remodelers, Renovators and Carpenters
-45%
$43.99 $79.95
Calculated Industries 4065 Construction Master Pro Advanced Construction Math Feet-inch-Fraction Calculator for Contractors, Estimators, Builders, Framers, Remodelers, Renovators and Carpenters Amazon.com
Texas Instruments TI-Nspire CX II CAS Color Graphing Calculator with Student Software (PC/Mac)
-5%
$166.99 $175.00
Texas Instruments TI-Nspire CX II CAS Color Graphing Calculator with Student Software (PC/Mac) Amazon.com
Casio fx-115ESPLUS2 2nd Edition, Advanced Scientific Calculator
-33%
$19.99 $29.99
Casio fx-115ESPLUS2 2nd Edition, Advanced Scientific Calculator Amazon.com
YICIZOL 30km Visual Fault Locator,Optic Fiber power Meter with FC,SC Connector, Optic Fiber Cleaver and FC/UPC(Male) to LC/UPC(Female) Adapter FTTH tool kits for CATV engineering (YC-X5)
$79.89
YICIZOL 30km Visual Fault Locator,Optic Fiber power Meter with FC,SC Connector, Optic Fiber Cleaver and FC/UPC(Male) to LC/UPC(Female) Adapter FTTH tool kits for CATV engineering (YC-X5) YICIZOL
ESTWING Sure Strike Blacksmith's Hammer - 40 oz Metalworking Tool with Fiberglass Handle & No-Slip Cushion Grip - MRF40BS
$19.98
ESTWING Sure Strike Blacksmith's Hammer - 40 oz Metalworking Tool with Fiberglass Handle & No-Slip Cushion Grip - MRF40BS Amazon.com
Automatic Level 32X Optical Transit Survey Auto Level High Precision Level Gauge Measure Meter Machine
$101.99
Automatic Level 32X Optical Transit Survey Auto Level High Precision Level Gauge Measure Meter Machine Yae First Trading
Prostormer Mechanic Tool Set, 240-Pieces Universal Household Auto Repair Tool Kit with Heavy Duty Aluminium Tool Box
$102.99
Prostormer Mechanic Tool Set, 240-Pieces Universal Household Auto Repair Tool Kit with Heavy Duty Aluminium Tool Box Prostormer
Casio FX-991ES Plus-2nd Edition Scientific Calculator
-8%
$25.80 $27.99
Casio FX-991ES Plus-2nd Edition Scientific Calculator The Watch Box
Mr. Pen- Architect Set, Professional Geometry Set, 17 Pcs, Compass and Protractor Set, Drafting Tools, Scale Ruler, Drawing Stencils, Metal Ruler Set, Christmas Gift
$17.99
Mr. Pen- Architect Set, Professional Geometry Set, 17 Pcs, Compass and Protractor Set, Drafting Tools, Scale Ruler, Drawing Stencils, Metal Ruler Set, Christmas Gift Mr. Pen
10 Pack Engineering Scientific Calculators, 2-Line Display Function Calculator, Math Calculator Ideal for Student Teacher Middle School, College and Offices
$38.20
10 Pack Engineering Scientific Calculators, 2-Line Display Function Calculator, Math Calculator Ideal for Student Teacher Middle School, College and Offices Riccione
Texas Instruments TI-84 Plus CE Color Graphing Calculator, Black
-27%
$109.95 $150.00
Texas Instruments TI-84 Plus CE Color Graphing Calculator, Black FastFourU
Garden Tool Organizer for Garage, Garden Tool Rack, Up to 58 Long Handled Tools, Yard Tool Holder for Garage, Shed, Outdoor, Tool Stand, Black (Garden Tool Rack)
$79.99
Garden Tool Organizer for Garage, Garden Tool Rack, Up to 58 Long Handled Tools, Yard Tool Holder for Garage, Shed, Outdoor, Tool Stand, Black (Garden Tool Rack) Kingarage-US
RENUS 8 Packs, 2-Line Engineering Scientific Calculator Function Calculator for Student and Teacher 16 AAA Batteries Included
$39.99
RENUS 8 Packs, 2-Line Engineering Scientific Calculator Function Calculator for Student and Teacher 16 AAA Batteries Included RenusDirect
DERRACO ENGINEERING GUARD PRESS for Knife Makers great for making hidden tang knives.
$35.00
DERRACO ENGINEERING GUARD PRESS for Knife Makers great for making hidden tang knives. Derraco Engineering
StoreYourBoard Freestanding Tool Storage Rack, Garage Floor Stand, Adjustable Garden Tool Organizer, Industrial Steel
$249.99
StoreYourBoard Freestanding Tool Storage Rack, Garage Floor Stand, Adjustable Garden Tool Organizer, Industrial Steel StoreYourBoard
I was speaking more the general idea of an attack to any SCADA system. There is the example Judowolf used. In other industries, such as the water/wastewater industry that I work in, there could be huge environmental and public health concerns. If, as they did with Stuxnet, the virus has the PLC behave in one manner while feeding false data back to the HMI, the system could be kept online while doing harm.

 
Yes, I would think a realistic fear is a virus that's coordinated against the means of production. IMHO,Katrina and Sandy demonstrate that even wide area damage doesn't necessarily initiate the Zombie Apocalypse. The utilities can pull together and get stuff put back together relatively quickly in most cases (a few weeks). But if there's nothing to connect to...??? That could be a problem.

Just "could" be though - I'm cautiously optimistic that it would be fine; no Z/A either way. Humans survived for 10,000 years prior to the invention of electricity, so we might just make it.

Conspiracy Theory for Today: Do you think we're getting the full story on Crystal River? Wait a sec, a black van just pulled in my driveway - be right back.

 
Once the grid goes down, it's not as easy as flipping a switch to bring it back up...if the whole national grid went down, it would be a nightmare. True, we have lived without electricity for all but the past 100 or so years, but people would flip out!

What happened in Crystal River...guess I'm behind

 
Well, in August 2003 half the Eastern Interconnection went down and we managed to get it back in three days, including minor damage at several generating plants.

I can't take too much credit for it though since the outage stopped at my employer's border. I.e. we stopped the blackout, lol :)

 
Judowolf PE said:
Once the grid goes down, it's not as easy as flipping a switch to bring it back up...if the whole national grid went down, it would be a nightmare. True, we have lived without electricity for all but the past 100 or so years, but people would flip out! What happened in Crystal River...guess I'm behind
Click to expand...


The last I heard they're having problems with concrete in their containment structure. Duke hasn't announced a decision yet as to whether they will repair or retire the plant.

 
Mud, you're right, I had to do a big powerpoint presentation on the blackout of 2003 and go around and present it to local civic groups explaining what happened and what steps we could take to prevent it from happening here...

 
Now that NERC rode to the rescue it would probably take longer due to all the paperwork.

 
I heard about that and what I was working attune device mployer Rutgers a verboten something about USB drives and sich

 
Flyer_PE said:
Judowolf PE said:
Once the grid goes down, it's not as easy as flipping a switch to bring it back up...if the whole national grid went down, it would be a nightmare. True, we have lived without electricity for all but the past 100 or so years, but people would flip out! What happened in Crystal River...guess I'm behind
Click to expand...


The last I heard they're having problems with concrete in their containment structure. Duke hasn't announced a decision yet as to whether they will repair or retire the plant.
Click to expand...
They've actually had quite a few structural issues not just in the containment building. Most of their spectra responses we see for the crane specs are always changing. Word has it they cut a number corners awhile back with their licensing and now it is coming back to bite them.

 
I don't know if I would say they cut corners in licensing. Crystal River was licensed back when nuclear power was supposed to be "Too Cheap to Meter". Times and standards have evolved a bit in the intervening years.

 

Similar threads

Slugger926
Engineering Outlooks/Sallaries
Replies
0
Views
1K
Slugger926
Slugger926

Latest posts

Back
Top