The German nuclear plant Gundremmingen, located about 120 km (75 miles) northwest of Munich, has been found to be infected with computer viruses.
The viruses appear not to have posed a threat to the facility’s operations because it is isolated from the Internet, the station’s operator said on Tuesday. The viruses, which include “W32.Ramnit” and “Conficker”, were discovered at Gundremmingen’s B unit in a computer system retrofitted in 2008 with data visualization software associated with equipment for moving nuclear fuel rods, plant owner RWE said.
Malware was also found on 18 removable data drives, mainly USB sticks, in office computers maintained separately from the plant’s operating systems. RWE said it had increased cyber-security measures as a result.
W32.Ramnit is designed to steal files from infected computers and targets Microsoft Windows software, according to the security firm Symantec. First discovered in 2010, it is distributed through data sticks, among other methods, and is intended to give an attacker remote control over a system when it is connected to the Internet.
The potential dangers of USB sticks when it comes to transporting computer viruses are well known, but even workers in highly sensitive environments like nuclear facilities can’t always seem to prevent themselves from exposing their PCs to malware. This latest “scare” reiterates the need for vigilance and simple “cyber-hygiene” procedures and training for all staff. While the viruses at the German nuclear plant were not part of an orchestrated attack, we are making it too easy for attackers.
Speaking at the MetricStream GRC Summit just yesterday, Suzanne Spaulding, the Under Secretary, National Protection and Programs Directorate, said that preventing “devastating” physical consequences to America’s most critical infrastructure relies on a strong cyber front.
“When a lot of people think of infrastructure, they think of roads and bridges… But it is so much more than that,” said Spaulding. “It’s so easy to cede [cybersecurity] to the technical folks and to put this in a stovepipe, that it’s only about IT systems and networks, when really it has to be a part of that broader conversation about that functionality within those critical infrastructures.”
Spaulding cited the hacking of the Ukrainian electrical grid as a “watershed” real-world example of cyber threats posing physical consequences for infrastructure on which citizens depend.
“We saw for the very first time a cyber-attack that brought down critical infrastructure upon which civilian populations depend,” she said of the attack, which resulted in power outages for over 225,000 Ukrainians. “But the methods used were not all that sophisticated. We know how to mitigate those.”
Spaulding estimated that “90 to 95 percent” of malicious cyber activity, mostly stemming from social engineering and spear phishing, could be solved by basic cyber hygiene, and quickly resolved by being prepared for the “what if” in the event of a cyber-attack.