How can you bring down a critical part of a country's infrastructure? Introduce an infected USB drive into the system.
According to the U.S. Department of Homeland Security's Industrial Control Systems Cyber Emergency Response Team (ICS-CERT), two power plants reported infections in the three months leading to the end of 2012 -- a number that is likely to rise in the coming year unless we begin taking cybersecurity threats to our infrastructure more seriously.
The ICS-CERT Monitor report (.pdf) states that both "common and sophisticated" malware was found at a power generation facility in one case, discovered after an employee had issues connecting a USB drive to a workstation.
Although the type of malware wasn't revealed, the report mentions that "the employee routinely used this USB drive for backing up control systems configurations within the control environment," which could prove to be a loophole hackers could routinely exploit to connect with the most important systems within a power plant. In addition, ICS-CERT said that sophisticated malware was found on two engineering-based workstations that are "critical" to the control of the power station.