The US Department of Homeland Security’s Cyber Emergency Response Team has recently released a report shich stated that two American electrical power plants were compromised late last year and in addition identified a number of glaring electronic vulnerabilities.
In the case of the infected power plants malware infected their control systems. The tainted USB drive came into contact with several computers at the power generation facility. Investigators found sophisticated malware on two engineering workstations which were critical to the operation of the control enviornment.
In addition more computers at the power station were infected in the turbine control room. Once again the malware was spread through an infected USB drive inserted into a workstation.
I am not sure what the “control system” and “turbine control” systems actually do, but if I had to guess they are really, really important.
This and other recent stories should remind us to never-ever pick up a USB drive that you “find” and place it into a computer to “see what’s on the drive”. In fact USB drives should should not be brought into any workplace and inserted into your employer’s computers without prior permission.
Of course additional policies and procedures will have to be drafted and enforced by any organization striving to protect the security of their data.