POWER February 2014 - 44

InstrumentatIon & Control
dard software, and this software is installed
on laptops from an ease-of-use perspective.
There is nothing inherently wrong with
using a laptop to complete vital work, but
laptops are not wrenches and screwdrivers.
They are multipurpose, and they have the
capability to affect operations that exceed
the scope of work. Laptops in industrial enIncidents
Involving
Removable Media at
Generation Sites
From a historical perspective, USB drives
have the public award for the most impact
on generation operations. In October
2012, ICS-CERT Monitor (published
by the U.S. Department of Homeland Security's
Industrial Control Systems Cyber
Emergency Response Team-ICS-CERT,
http://ics-cert.us-cert.gov) called out
two specific instances of virus infection
at generation plants involving USB
drives. In the first case, a third-party
technician infected a turbine control
system with the Mariposa virus via a
USB drive. The Monitor states that the
Mariposa infection and cleanup delayed
the restart of the plant by three weeks.
The Mariposa virus is a botnet virus
discovered in December 2008, which
allows victim systems to be rented for
use in conventional hacker attacks on
the Internet. The primary tactic is conducting
denial of service attacks, where
significant network traffic is directed at
a target from multiple infected systems,
crashing the target. Effective detection
and prevention (via anti-virus) has been
available for Mariposa since early 2009.
If the Monitor article is accurate about
the three-week delay being a result of
the virus, this is three weeks of lost
revenue due to a fully detectable and
preventable issue.
The second incident involved an employee
who was backing up two engineering
workstations and inadvertently
used an infected USB drive. ICS-CERT
does not call out the malware found,
but once again, updated anti-virus
found it upon a scan via the company's
IT department. Here too, regardless of
individual intent, the control system
was compromised by an easily detectable
and preventable virus.
vironments tend to migrate between control
system tasks and web browsing, email, and
basic file storage. Switching between the
outside world and the control system increases
the risk of an outside influence on
the process-and does so without any intent
from the user.
Restricting laptops becomes an even
more important policy when the technician
laptop is owned by an outside contractor.
That laptop has likely been to several other
industrial sites. It may even have been connected
to various Wi-Fi access points for
Internet usage, and it probably isn't getting
the patches and anti-virus updates it
should. Logically, allowing a previously
Internet-connected laptop to plug in to a
control system network is not a good riskprevention
strategy.
Laptops for control system use should be
segregated from normal IT laptops and never
used for IT functions like email and general
web browsing. They should receive updates to
anti-virus and patching. These laptops should
be checked out for usage and have appropriate
maintenance and training procedures, just
like a tool that can have a detrimental effect
on operations if used incorrectly. Laptops not
owned and managed by the plant should never
be allowed to connect without inspection,
just like other specialized tools a contractor
would bring on site.
Restrict Other Removable Media
CDs and DVDs have been the usual way
that control system software is distributed
to users, but use of USB drives for simple
file transfers has exploded over the past several
years in automation. All of these means
of moving files from system to system are
grouped under the heading of " removable
media. " Backups of control systems are conducted
using large removable media, vendors
often bring a set of tools and scripts on USB
removable media, and the configurations for
many automation devices can be loaded directly
from removable media.
The use case of removable media makes
it very attractive for reliably infecting systems.
Removable media is almost exclusively
used to swiftly transfer a program or
file that is immediately needed. Once on the
system, it is run by user action. If that file/
program is a virus or other malicious code,
it is now resident on your control system, regardless
of the individual's intent. To modify
a familiar safety quotation: That which
must be done fast is never done securely
(see sidebar " Incidents Involving Removable
Media at Generation Sites " ).
Removable media should never be directly
connected to control systems without
a rigorous inspection process. The inspec44
www.powermag.com
tion
process should make use of anti-virus
and should include a means to verify that
vendor software is unaltered. Vendor software
on removable media should come
directly from the manufacturer, with no
potential for added files. Removable media
used for control systems should be reserved
for control system use and never used on
noncontrol systems.
Use Anti-Virus
In generation, we make extensive use of protective
relaying systems to detect known fault
conditions and respond to those fault conditions
by taking prescribed action before damage
to equipment occurs. Protective relays
are used everywhere because of regulations,
and because the calculus of risk is simple: A
single event has the potential to harm a significant
capital investment and lose revenue,
and the cost of the prevention via protective
relay is far less than the consequence of not
preventing it. Protective relaying isn't perfect,
but it is significantly better to operate
with it than without it.
Anti-virus is the protective relay concept
applied to computer systems and processes.
Anti-virus continuously monitors for known
cybersecurity conditions and halts the activity
before it can damage the system. Anti-virus
will not protect you from new or unknown
conditions, but it does provide good protection
against what has already been found and
classified. Not all control systems can use
anti-virus, due to age of the operating system,
but all should investigate its usage as a
good control.
There has been discussion about anti-virus
between generation professionals over
the past decade. Many see it as a drain on
computing resources, as the protection requires
a certain level of processing power
and memory to be effective. Additionally,
there is a risk of a false positive, where the
anti-virus flags a valid process as a threat
and shuts it down. As a false positive could
be a vital control system process, this is
a risk that must be considered during the
testing of new signatures and during updates
of programs.
However-to reuse the protective relay
example-relays may also experience false
positives, and the consequences of a relay
misoperating can be equally nasty. Fundamentally,
the risk of misoperation was determined
to be less than the risk of operating
without protection, and procedures were put
in place to test settings. The same type of
procedure is necessary to minimize the negative
aspects of using anti-virus.
Major DCS and control system vendors in
electric power have endorsed the use of antivirus
(though they generally require you use
POWER | February 2014
http://ics-cert.us-cert.gov http://www.powermag.com

POWER February 2014

Table of Contents for the Digital Edition of POWER February 2014

Contents
POWER February 2014 - Cover1
POWER February 2014 - Cover2
POWER February 2014 - Contents
POWER February 2014 - 2
POWER February 2014 - 3
POWER February 2014 - 4
POWER February 2014 - 5
POWER February 2014 - 6
POWER February 2014 - 7
POWER February 2014 - 8
POWER February 2014 - 9
POWER February 2014 - 10
POWER February 2014 - 11
POWER February 2014 - 12
POWER February 2014 - 13
POWER February 2014 - 14
POWER February 2014 - 15
POWER February 2014 - 16
POWER February 2014 - 17
POWER February 2014 - 18
POWER February 2014 - 19
POWER February 2014 - 20
POWER February 2014 - 21
POWER February 2014 - 22
POWER February 2014 - 23
POWER February 2014 - 24
POWER February 2014 - 25
POWER February 2014 - 26
POWER February 2014 - 27
POWER February 2014 - 28
POWER February 2014 - 29
POWER February 2014 - 30
POWER February 2014 - 31
POWER February 2014 - 32
POWER February 2014 - 33
POWER February 2014 - 34
POWER February 2014 - 35
POWER February 2014 - 36
POWER February 2014 - 37
POWER February 2014 - 38
POWER February 2014 - 39
POWER February 2014 - 40
POWER February 2014 - 41
POWER February 2014 - 42
POWER February 2014 - 43
POWER February 2014 - 44
POWER February 2014 - 45
POWER February 2014 - 46
POWER February 2014 - 47
POWER February 2014 - 48
POWER February 2014 - 49
POWER February 2014 - 50
POWER February 2014 - 51
POWER February 2014 - 52
POWER February 2014 - 53
POWER February 2014 - 54
POWER February 2014 - 55
POWER February 2014 - 56
POWER February 2014 - 57
POWER February 2014 - 58
POWER February 2014 - 59
POWER February 2014 - 60
POWER February 2014 - 61
POWER February 2014 - 62
POWER February 2014 - 63
POWER February 2014 - 64
POWER February 2014 - Cover3
POWER February 2014 - Cover4
https://www.nxtbook.com/accessintelligence/POWER/pwr_march-2024
https://www.nxtbook.com/accessintelligence/POWER/pwr_february-2024
https://www.nxtbook.com/accessintelligence/POWER/pwr_january-2024
https://www.nxtbook.com/accessintelligence/POWER/pwr_december-2023
https://www.nxtbook.com/accessintelligence/POWER/pwr_november-2023
https://www.nxtbook.com/accessintelligence/POWER/power-october-2023
https://www.nxtbook.com/accessintelligence/POWER/re-tech-supp-to-power-september-2023
https://www.nxtbook.com/accessintelligence/POWER/power-september-2023
https://www.nxtbook.com/accessintelligence/POWER/power-and-re-tech-supp-september-2023
https://www.nxtbook.com/accessintelligence/POWER/power-august-2023
https://www.nxtbook.com/accessintelligence/POWER/power-july-2023
https://www.nxtbook.com/accessintelligence/POWER/power-june-2023
https://www.nxtbook.com/accessintelligence/POWER/power-may-2023
https://www.nxtbook.com/accessintelligence/POWER/power-april-2023
https://www.nxtbook.com/accessintelligence/POWER/power-march-2023
https://www.nxtbook.com/accessintelligence/POWER/power-february-2023
https://www.nxtbook.com/accessintelligence/POWER/power-january-2023
https://www.nxtbook.com/accessintelligence/POWER/power-december-2022
https://www.nxtbook.com/accessintelligence/POWER/power-november-2022
https://www.nxtbook.com/accessintelligence/POWER/Power-October-2022-140th-Anniversary-Supp
https://www.nxtbook.com/accessintelligence/POWER/Power-October-2022-and-Anniversary-Supp
https://www.nxtbook.com/accessintelligence/POWER/power-and-re-tech-supp-september-2022
https://www.nxtbook.com/accessintelligence/POWER/power-september-2022
https://www.nxtbook.com/accessintelligence/POWER/power-august-2022
https://www.nxtbook.com/accessintelligence/POWER/Power-July-2022-Intl
https://www.nxtbook.com/accessintelligence/POWER/power-july-2022
https://www.nxtbook.com/accessintelligence/POWER/power-june-2022-intl
https://www.nxtbook.com/accessintelligence/POWER/power-june-2022
https://www.nxtbook.com/accessintelligence/POWER/power-may-2022
https://www.nxtbook.com/accessintelligence/POWER/power-may-2022-intl
https://www.nxtbook.com/accessintelligence/POWER/power-april-2022
https://www.nxtbook.com/accessintelligence/POWER/Power-April-2022-Intl
https://www.nxtbook.com/accessintelligence/POWER/power-march-2022
https://www.nxtbook.com/accessintelligence/POWER/power-february-2022
https://www.nxtbook.com/accessintelligence/POWER/power-january-2022
https://www.nxtbook.com/accessintelligence/POWER/power-december-2021
https://www.nxtbook.com/accessintelligence/POWER/power-top-plants-supp-december-2021
https://www.nxtbook.com/accessintelligence/POWER/power-november-2021
https://www.nxtbook.com/accessintelligence/POWER/power-october-2021
https://www.nxtbook.com/accessintelligence/POWER/power-september-2021
https://www.nxtbook.com/accessintelligence/POWER/power-august-2021
https://www.nxtbook.com/accessintelligence/POWER/power-july-2021
https://www.nxtbook.com/accessintelligence/POWER/power-june-2021
https://www.nxtbook.com/accessintelligence/POWER/power-may-2021
https://www.nxtbook.com/accessintelligence/POWER/power-april-2021
https://www.nxtbook.com/accessintelligence/POWER/power-march-2021
https://www.nxtbook.com/accessintelligence/POWER/power-february-2021
https://www.nxtbook.com/accessintelligence/POWER/power-january-2021
https://www.nxtbook.com/accessintelligence/POWER/power-december-2020
https://www.nxtbook.com/accessintelligence/POWER/power-november-2020
https://www.nxtbook.com/accessintelligence/POWER/power-october-2020
https://www.nxtbook.com/accessintelligence/POWER/power-september-2020
https://www.nxtbook.com/accessintelligence/POWER/power-august-2020
https://www.nxtbook.com/accessintelligence/POWER/power-july-2020
https://www.nxtbook.com/accessintelligence/POWER/power-june-2020
https://www.nxtbook.com/accessintelligence/POWER/power-may-2020
https://www.nxtbook.com/accessintelligence/POWER/power-april-2020
https://www.nxtbook.com/accessintelligence/POWER/power-march-2020
https://www.nxtbook.com/accessintelligence/POWER/power-february-2020
https://www.nxtbook.com/accessintelligence/POWER/power-january-2020
https://www.nxtbook.com/accessintelligence/POWER/power-december-2019
https://www.nxtbook.com/accessintelligence/POWER/power-november-2019
https://www.nxtbook.com/accessintelligence/POWER/power-october-2019
https://www.nxtbook.com/accessintelligence/POWER/power-september-2019
https://www.nxtbook.com/accessintelligence/POWER/power-august-2019
https://www.nxtbook.com/accessintelligence/POWER/power-july-2019
https://www.nxtbook.com/accessintelligence/POWER/power-june-2019
https://www.nxtbook.com/accessintelligence/POWER/power-may-2019
https://www.nxtbook.com/accessintelligence/POWER/power-april-2019
https://www.nxtbook.com/accessintelligence/POWER/power-march-2019
https://www.nxtbook.com/accessintelligence/POWER/power-february-2019
https://www.nxtbook.com/accessintelligence/POWER/power-january-2019
https://www.nxtbook.com/accessintelligence/POWER/power-december-2018
https://www.nxtbook.com/accessintelligence/POWER/power-november-2018
https://www.nxtbook.com/accessintelligence/POWER/power-october-2018
https://www.nxtbook.com/accessintelligence/POWER/power-september-2018
https://www.nxtbook.com/accessintelligence/POWER/power-august-2018
https://www.nxtbook.com/accessintelligence/POWER/power-july-2018
https://www.nxtbook.com/accessintelligence/POWER/power-june-2018
https://www.nxtbook.com/accessintelligence/POWER/power-may-2018
https://www.nxtbook.com/accessintelligence/POWER/power-april-2018
https://www.nxtbook.com/accessintelligence/POWER/power-march-2018
https://www.nxtbook.com/accessintelligence/POWER/power-february-2018
https://www.nxtbook.com/accessintelligence/POWER/power-january-2018
https://www.nxtbook.com/accessintelligence/POWER/power-december-2017
https://www.nxtbook.com/accessintelligence/POWER/power-november-2017
https://www.nxtbook.com/accessintelligence/POWER/power-october-2017
https://www.nxtbook.com/accessintelligence/POWER/power-september-2017
https://www.nxtbook.com/accessintelligence/POWER/power-august-2017
https://www.nxtbook.com/accessintelligence/POWER/power-july-2017
https://www.nxtbook.com/accessintelligence/POWER/power-june-2017
https://www.nxtbook.com/accessintelligence/POWER/power-may-2017
https://www.nxtbook.com/accessintelligence/POWER/power-april-2017
https://www.nxtbook.com/accessintelligence/POWER/power-march-2017
https://www.nxtbook.com/accessintelligence/POWER/power-february-2017
https://www.nxtbook.com/accessintelligence/POWER/power-january-2017
https://www.nxtbook.com/accessintelligence/POWER/power-december-2016
https://www.nxtbook.com/accessintelligence/POWER/power-november-2016
https://www.nxtbook.com/accessintelligence/POWER/power-october-2016
https://www.nxtbook.com/accessintelligence/POWER/power-september-2016
https://www.nxtbook.com/accessintelligence/POWER/power-august-2016
https://www.nxtbook.com/accessintelligence/POWER/power-july-2016
https://www.nxtbook.com/accessintelligence/POWER/power-june-2016
https://www.nxtbook.com/accessintelligence/POWER/power-may-2016
https://www.nxtbook.com/accessintelligence/POWER/power-april-2016
https://www.nxtbook.com/accessintelligence/POWER/power-march-2016
https://www.nxtbook.com/accessintelligence/POWER/power-february-2016
https://www.nxtbook.com/accessintelligence/POWER/power-january-2016
https://www.nxtbook.com/accessintelligence/POWER/power-december-2015
https://www.nxtbook.com/accessintelligence/POWER/power-november-2015
https://www.nxtbook.com/accessintelligence/POWER/power-october-2015
https://www.nxtbook.com/accessintelligence/POWER/power-september-2015
https://www.nxtbook.com/accessintelligence/POWER/power-august-2015
https://www.nxtbook.com/accessintelligence/POWER/power-july-2015
https://www.nxtbook.com/accessintelligence/POWER/power-june-2015
https://www.nxtbook.com/accessintelligence/POWER/power-may-2015
https://www.nxtbook.com/accessintelligence/POWER/power-april-2015
https://www.nxtbook.com/accessintelligence/POWER/power-march-2015
https://www.nxtbook.com/accessintelligence/POWER/power-february-2015
https://www.nxtbook.com/accessintelligence/POWER/power-january-2015
https://www.nxtbook.com/accessintelligence/POWER/power-december-2014
https://www.nxtbook.com/accessintelligence/POWER/power-november-2014
https://www.nxtbook.com/accessintelligence/POWER/power-october-2014
https://www.nxtbook.com/accessintelligence/POWER/power-september-2014
https://www.nxtbook.com/accessintelligence/POWER/power-august-2014
https://www.nxtbook.com/accessintelligence/POWER/power-july-2014
https://www.nxtbook.com/accessintelligence/POWER/power-june-2014
https://www.nxtbook.com/accessintelligence/POWER/power-may-2014
https://www.nxtbook.com/accessintelligence/POWER/power-april-2014
https://www.nxtbook.com/accessintelligence/POWER/power-march-2014
https://www.nxtbook.com/accessintelligence/POWER/power-february-2014
https://www.nxtbook.com/accessintelligence/POWER/power-january-2014
https://www.nxtbook.com/accessintelligence/POWER/power-december-2013
https://www.nxtbook.com/accessintelligence/POWER/power-november-2013
https://www.nxtbook.com/accessintelligence/POWER/power-october-2013
https://www.nxtbook.com/accessintelligence/POWER/power-september-2013
https://www.nxtbook.com/accessintelligence/POWER/power-august-2013
https://www.nxtbook.com/accessintelligence/POWER/power-july-2013
https://www.nxtbook.com/accessintelligence/POWER/power-june-2013
https://www.nxtbook.com/accessintelligence/POWER/power-may-2013
https://www.nxtbook.com/accessintelligence/POWER/power-april-2013
https://www.nxtbook.com/accessintelligence/POWER/power-march-2013
https://www.nxtbook.com/accessintelligence/POWER/power-february-2013
https://www.nxtbook.com/accessintelligence/POWER/power-january-2013
https://www.nxtbook.com/accessintelligence/POWER/power-december-2012
https://www.nxtbook.com/accessintelligence/POWER/power-november-2012
https://www.nxtbook.com/accessintelligence/POWER/power-october-2012
https://www.nxtbook.com/accessintelligence/POWER/power-september-2012
https://www.nxtbook.com/accessintelligence/POWER/power-august-2012
https://www.nxtbook.com/accessintelligence/POWER/power-july-2012
https://www.nxtbook.com/accessintelligence/POWER/power-june-2012
https://www.nxtbook.com/accessintelligence/POWER/power-may-2012
https://www.nxtbook.com/accessintelligence/POWER/power-april-2012
https://www.nxtbook.com/accessintelligence/POWER/power-march-2012
https://www.nxtbook.com/accessintelligence/POWER/power-february-2012
https://www.nxtbook.com/accessintelligence/POWER/power-january-2012
https://www.nxtbook.com/accessintelligence/POWER/power-november-2011
https://www.nxtbook.com/accessintelligence/POWER/power-october-2011
https://www.nxtbook.com/accessintelligence/POWER/power-september-2011
https://www.nxtbook.com/accessintelligence/POWER/power-august-2011
https://www.nxtbook.com/accessintelligence/POWER/power-july-2011
https://www.nxtbook.com/accessintelligence/POWER/power-june-2011
https://www.nxtbook.com/accessintelligence/POWER/power-may-2011
https://www.nxtbook.com/accessintelligence/POWER/power-april-2011
https://www.nxtbook.com/accessintelligence/POWER/power-march-2011
https://www.nxtbook.com/accessintelligence/POWER/power-february-2011
https://www.nxtbook.com/accessintelligence/POWER/power-january-2011
https://www.nxtbook.com/accessintelligence/POWER/power-december-2010
https://www.nxtbook.com/accessintelligence/POWER/power-november-2010
https://www.nxtbook.com/accessintelligence/POWER/power-october-2010
https://www.nxtbook.com/accessintelligence/POWER/power-september-2010
https://www.nxtbook.com/accessintelligence/POWER/power-august-2010
https://www.nxtbook.com/accessintelligence/POWER/power-july-2010
https://www.nxtbook.com/accessintelligence/POWER/power-june-2010
https://www.nxtbook.com/accessintelligence/POWER/power-may-2010
https://www.nxtbookmedia.com