Nuclear Reactors 357 - Malware Found On Computer At Gundremmingen Nuclear Power Plant In Germany

        Several years ago, the Stuxnet virus was used by the U.S. and Israel to infect the Iranian nuclear weapons program. One of the effects that it had was to cause centrifuges to run too fast and destroy themselves. It has just been reported that a nuclear facility in Germany has malware including viruses on one of its computers.

        The Gundremmingen nuclear power plant is about seventy miles from Munich. The infected computer was installed in 2008. It was dedicated to visualizing data about the movement of fuel rods at the power plant. There were also eighteen infected USB drives found at the plant.

        One of the viruses on the infected computer was W32.Ramnit. Its purpose is to capture social media posts and banking passwords from browser activity. It can also allow remote control of infected computers. It infects Windows operating systems and was first identified by Symantec in 2010.

       Another virus found on the computer was Conficker. Conficker is a key logger that captures all the keystrokes entered on the computer's keyboard and then sends them to another computer via the Internet. Conficker also attempts to capture control of the infected computer in order to make it part of a network of infected computers referred to as a botnet. These botnets are used to mount what are called denial of service attacks on target computers by overwhelming their connections to the Internet. Conficker is also a Windows virus that was discovered by Symantec in 2008.

        Both of these viruses are spread over the Internet and through infected USB drives. Fortunately, the computer at the nuclear power plant was not used for browsing the Internet or banking. In any case, the computer was not connected to the Internet, so neither of these viruses was ever able to cause trouble. RWE, the company that operates the nuclear power plant, informed the German Federal Office for Information Security (BSI) when it discovered the infected computer. The BSI is working with IT technicians to improve cyber security at the eight operating German nuclear power plants.

        IT security experts say that infections on the computers used for critical infrastructure applications are quite common. Most common viruses are not designed to be aware of what kind of applications are running on the computers they infect. So unless a virus is specifically intended to attack a particular kind of application, as the Stuxnet virus was, it is usually not a major threat to critical applications running on infrastructure computers.

        Viruses are often spread unintentionally to computers via removable media such as USB drives. Devices such as smart phones and tablets that are connected to computer USB ports for charging can also spread malware. It is best for computers running critical applications to be disconnected from the Internet and from other local computers, if possible. Such separation is often referred to as an "air gap." There are locking devices that block USB ports, and they should be used on all critical computers. A USB key to unlock a port can be used when it is necessary to move data and/or programs on and off of particular computers.

Gundremmingen nuclear power plant: