Last year, two US power plants were infected by malware that was brought into the system by USB drives. This is according to the US Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) as this is their job to protect and respond to security issues such as this. These latest events just add fuel to the growing fire over whether or not key infrastructure is secure.
ICS-CERT has said that the two power plants were targeted by "sophisticated" attacks. ICS-CERT added that these are common and are expected to continue increasing with time.
One technician uploaded the virus to one power plant while attempting to update software on the system. The other plant was infected by a USB used to back up control systems configurations. He reported issues with the drive and IT staff found the malware present on the drive.
The systems were taken offline for around three weeks while the problems were sorted out. This goes to show just how much of a problem malware could be to key infrastructure systems in the future.