Annual reports issued by Homeland Security and the Department of Energy have detailed weaknesses in the industrial computer systems, and repeatedly have pressed companies to improve security practices.
Reports as recently as this May urged companies to routinely download patches to update software, change and improve passwords, carefully restrict access to critical systems and use firewalls to separate commonly used networks from those that control key systems.
A successful attack against a critical control system, the Energy Department warned in its May report, “may result in catastrophic physical or property damage and loss.”
Over the past year, Homeland Security has been quietly deploying teams across the country to assess weaknesses in industrial control systems. The agency has created four teams and — with a budget scheduled to increase from $10 million this year to $15 million next year — has plans to grow to 10 teams in 2011.
Each team is armed with a $5,000 kit: a black, suitcase-sized bag crammed with cables, converters, data storage and high-tech computer forensic tools. With that equipment, the teams can download the problem malware, analyze it and work with the companies to correct or clean their systems.
Mr. McGurk said the teams have conducted 50 assessments and have been dispatched 13 times to investigate and help correct cyber-incidents and attacks. Nine of those cases involved some type of deliberate intrusion, while the other four were unintended results of operator actions.
In one of the nine intrusion cases, a company representative had gone to a conference and had the presentation documents downloaded onto a computer flash drive.
One of the files was infected with the Mariposa botnet, a malicious software code that has infected 12 million computers worldwide, including at hundreds of companies and at least 40 major banks in 190 countries since appearing in December 2008.
When the representative returned to his office and connected his laptop to the company’s network, the botnet spread and eventually affected nearly 100 computers.
A Homeland Security team was dispatched and helped the company evaluate the problem and begin to clear up the system.
'Your papers, please' must never be heard in America
Independent voices from the TWT Communities
When you need to know who is making business, and what business is being made, you need the Business Browser.
How does our 50th state view D.C. politics?
A collection of reader guest articles, thoughts and opinions by Communities writers and breaking news and information.
Reflections on raising families in a holistic way -- with a focus on nutrition and alternative health.
Benghazi: The anatomy of a scandal
Vietnam Memorial adds four names
Cinco de Mayo on the Mall