Nimda Impact on Manufacturing System

Event Year: 2001 Reliability: Confirmed
Country: United States
Industry Type: Food & Beverage
Description:

A major manufacturing company that had implemented a complete anti-virus program for their IT environment.  All client hardware was required to have a specific anti-virus program with up-to-date signature files.  The IT servers were likewise protected.  In addition access to the IT systems was restricted to approved gateways and firewalls. 

The process control environment was under the control of a different department, which did not implement anti-virus protection or controlled access.  Late one night an control engineer, working on a production problem, logged in from home.  He dialed directly into one of the process control servers, something that had been done countless times before.  But in this particular case his personal PC at home had been infected with the Nimda virus.  It did not take long for the virus to hop across the production environment that was not prepared for this type of threat.

Impact:

Herculean efforts of the IC and IT staff prevented a production stoppage at this facility, but the recovery effort cost thousands of dollars in staff time due to a lack of preparedness.  The virus exploited the common technology, servers and protocol that in the past were not present.

Action Description: Change virus and remote access policy on plant floor.