QUICK THINKING open sourcerers might have saved an Australian power supply system after its electrical grid control room network got infected with a virus.
A Windows virus hit the networks of Integral Energy and, according to a submission to Slashdot, the virus managed to spread to the operator display consoles in the control room.
Quick thinking techies in the control systems department of the utility swapped the infected Windows boxes for machines running Linux that they were using for development.
The move prevented the virus from taking over all the operator displays in the control room.
There have been a number of government inquiries into the security of electricity companies worldwide because of the fear that hackers, terrorists or cyber warriors for a rival country might take control of electric power grids. Now it would seem that such fears might have been realised.
However, in Oz there could be some concern that notoriously insecure Windows machines were even being used for critical infrastructure systems. The Slashdot submission says that the power grid's supervisory control and data acquisition (SCADA) servers run Solaris Unix and the operator consoles only really need to run X-windows displays. The question is why the utility would choose to run X on Windows boxes merely to talk to the UNIX-based SCADA servers that control the electrical grid.
According to the Sydney Morning Herald, so many other Windows machines at Integral Energy were found to have been infected by the virus that more than 1,000 of them have had to be rebuilt.
A spokesman said that the malware had not affected power supplies to customers or business data and was "contained within Integral Energy's information technology network".
However, insecurity consultants who have looked at the Integral Energy network said that there was often "ineffective segregation" or "more typically none at all" between the company's general use IT network and its supposedly separate, secure network that monitors and controls the electrical power infrastructure.
The virus was the W32.Virut.CF strain, which computer security company Symantec describes on its website as "a particularly sinister file infector".
Oddly, the signature to detect this virus has been around on virus checkers since February and so it should have been spotted. It has been speculated that Integral Energy might not have upgraded all of its security software since January or earlier.