Steel plant infected with Conficker

Event Year: 2011 Reliability: Confirmed
Industry Type: Metals
Description:

On February 6, 2011, the ALSPA system stopped.  An investigation revealed that there was a Conficker virus infection in all machines of the ALSPA system.  The worm spread throughout the power plant automation network (and probably in other automation networks, but the investigation was limited to the power plant due to budget constraints).  The virus flooded the network with unwanted packets and caused an instability in the communications between PLC’s and supervisory stations and freezing most of the supervisory systems.  The automation team cleaned the infected machines, but the virus returned.

The Alston team installed the Windows Service Pack II on all machines in the ALSPA system.  After cleaning, the system returned to work well disconnected from PI.  The worm infected the PI machine and the “SGE” network, but was removed without problems.  All systems returned to work well while the external networks are disconnected.  When these networks are reconnected, the malware returns.  Due to this, the automation team decided to keep these external networks disconnected.

Since the infection began, the company is paying monthly fines to government agencies because critical reports (such as environmental control, for example) were not being sent.

Impact:

The Conficker virus infected all machines of the ALSPA system.  The worm spread throughout the power plant automation network.  The virus flooded the network with unwanted packets and caused an instability in the communications between PLC’s and supervisory stations and freezing most of the supervisory systems.