Routine Audit of SCADA Laptop Identifies Virus

Event Year: 2005 Reliability: Confirmed
Country: Australia
Industry Type: Water/Waste Water
Description:

A routine audit of dial in Laptop’s was conducted. Staff were reluctant to bring in laptops regularly to allow patches and upgrades. Three virus types were found and were active hence the reason for not wanting to provide the laptops.

Impact:

Minimal impact due to SCADA computers on network having regular and current patches and upgrades.

Action Description: Security access policies are now implemented on laptops. Becasue culprit of the virus was not confirmed, all the staff were cautioned and warned of Corporate IT Policy. The virus intrusion on laptop was not malicious. LAN security under audit improvement system under QA. Awaiting feedback infomation sharing from external sources, eg BCIT, to assist in improvements. A proposal is in process to have "dail in access" via secure VPN in DMZ on firewall for operator access to system. Also the possibility of arranging operator connection to perform automated auditing and updates to virus software and O/S.