The North American Electric Reliability Corp. released an industry alert this past month identifying malware that targets SCADA systems. The alert urges entities to closely review the information provided and recommends the implementation of mitigation methods as required.
The Stuxnet worm is a significant computer virus that exploits a previously unknown Microsoft Windows operating system vulnerability. While there have been no reported instances of Stuxnet in the United States, NERC is recommending that the industry take precautions in advance. Various versions of the Windows OS are widely deployed throughout the world’s critical infrastructures, including the North American bulk power system, which means there is the potential for significant impact.
"NERC is working with the federal government, industry and the security vendor community to develop mitigation strategies focused on bulk power system owners and operators," said Mark Weatherford, vice president and chief security officer at NERC. "We will continue to have ongoing, internal dialogue to ensure the grid’s security and reliability."
NERC, through its Electric Sector-Information Sharing and Analysis Center, provides actionable intelligence on current cyber threats, enabling utilities to have the most up-to-date information available that enhances the security of their systems. This is the third notification that NERC has issued to the industry since the Stuxnet virus was discovered on July 14.
NERC’s Critical Infrastructure Protection division has implemented a Malware Mitigation Tiger Team comprising a group of industry and government specialists. This team is tasked with keeping the industry informed and working with Microsoft regarding potential Windows updates for older computers running unsupported operating systems.