The Gundremmingen nuclear power plant, which is only 75 miles outside of Munich, Germany, has been infected with malware. The system used to monitor the fuel rods has been infected with the Conficker worm and W32.Ramnit. Conficker is used to turn computers into bots in order to launch denial of service attacks, and W32.Ramnit gives hackers a backdoor to remotely access systems.
The system was infected by USB storage devices that employees plugged into it. Luckily, these systems are not connected to the internet, so the malware was never activated. The real concern is why employee attitudes are so relaxed that they would plug their personal storage devices into company systems. And it seems this type of behavior is typical worldwide. In 2013 the U.S. Cyber Emergency Response Team (US-CERT) reported two U.S. power plants infected from personal USB storage devices used by employees.
While the power companies, and nearly all companies, have rules barring the use of personal storage devices, these rules rely on the honesty of the employee. Since the consumerization of I.T., most people think they're smart enough to avoid problems, so they ignore the rules. Well, if nuclear engineers and rocket scientists aren’t smart enough, what makes the rest of us so smart?