The US Department of Homeland Security’s Cyber Emergency Response Team has released a report, which stated that two American electrical power plants were compromised late last year and has identified a number of glaring electronic vulnerabilities.
The report did not say if the computers did or did not have up-to-date antivirus software, but it did say that current software would have found the malware.
The other infection affected 10 computers in a turbine control system. It was also spread by a USB drive and resulted in downtime for the impacted systems and delayed the plant restart by approximately three weeks.
ICS-CERT recommended that the power facility adopt new USB use guidelines, including the cleaning of a USB device before each use.