Power lines

Australian power supplier Integral Energy, a company “trusted” by 800,000 families and businesses according to their web site, has recently had to repair all of the company’s 1000 desktop computers and replace machines in the control room to contain a Win32 virus. If the Sydney Morning Herald is correct and Integral have been using anti-virus software that hasn’t been updated since before February, this is a huge cause for concern.

According to The Inquirer:

A Windows virus hit the networks of Integral Energy and, according to a submission to Slashdot, the virus managed to spread to the operator display consoles in the control room.

Quick thinking techies in the control systems department of the utility swapped the infected Windows boxes for machines running Linux that they were using for development.

Apparently security experts also found there was “ineffective segregation” or “more typically none at all” between the company’s main network and the power grid computers.

Thankfully the power grid control servers run Solaris (at least they got something right), but you would still hope that any computers in a network connected to power grid computers would at least have up-to-date anti-virus software. I must ask: why on earth were the computers used by the operators running Windows, and connected to the main network with out-of-date security software? My own computer would be more suitable for running a power grid.

I watched a documentary once that claimed critical infrastructure systems in many countries were insecure, and I thought they were exaggerating. But if a virus that has been known since February can bring down 1000 computers of a power supplier, including the control room, I’m not so sure…

6 Responses to “Learn from power suppliers: update your antivirus software”

  1. Steve says:

    Update antivirus? I’ve been seeing a lot of viruses going through my spam gateway that are not detected by Symantec, Kaspersky or ClamAV. The only way I’ve been able to stop it is to update spam rules to include the subjects that these viruses are using. Typically “UPS/DHS delivery problem number”.

    In other words, in my humble opinion, there is no all-in-one solution to this problem except for replacing all Microsoft desktops with alternate solutions that do not suffer from these issues.

  2. Jack Cairns says:

    @Steve
    I agree that Linux/other non-MS alternatives would be better. But you would still be crazy as a power company not to update your antivirus.

  3. Dave says:

    I have seen that w32.virut.cf in the wild and it is nasty! Although my money is that they were using CA antivirus, that software is like a fake Rolex, sure it shows time and might look the part but you couldn’t trust it as far as you could throw it!

  4. Simon says:

    Antivirus is pretty pointless in this sort of environment. If it has to work, you have to stop it getting viruses some other way, hence the segregation discussion.

    Antivirus is just another thing to go wrong, and these days a significant proportion of the malware in the wild will not be detected by up-to-date antivirus. So if it is your only defence, then you are already toast.

    Where we have Windows servers (and we try not to), they are mostly logically (if not physically) separated from user desktops, and don’t run any antivirus. But then no one is relying on those servers for anything as critical as domestic electricity supply, so the logical separation has proved sufficient to date.

  5. Jack Cairns says:

    Simon,
    Apparently the networks must be connected to share billing information and for QoS measuring.

  6. I’ve been searching for this exact information on this topic for a long time.
