SCADA Workstation Infected by W32/Korgo Worm
| Event Year: | 2004 | Reliability: | Confirmed |
|---|---|---|---|
| Country: | United States | ||
| Industry Type: | Power and Utilities | ||
| Description: | The SCADA operator workstations got hit with the W32/Korgo worm virus. They were out of service starting at 14:33 and one terminal was back by 16:15. The first terminal was back by 18:23. These three terminals were on the corporate Intranet outside the SCADA firewall. |
||
| Impact: | Immediate installation of a Microsoft patch on all impacted workstations to correct the problem. Then rolled out Anti-virus software and the same Microdoft patch on all other SCADA workstations inside the SCADA fireweall. A new subnet and screening router for these three Intranet connected workstations was put into place. |
||
| Action Description: | Working to roll out the Microsoft patches into the SCADA HMIs much quicker. McAffee epo agent was installed on all SCADA workstations to update dat files daily. | ||