This article touches on a recent report by the U.S. Department of Homeland Security’s Industrial Control Systems Cyber Emergency Response Team (ICS-CERT). The report states that in the last three months of 2012, two power plants in the US reported malware infections on internal networks that are used to control critical infrastructure. From the article:
Although the type of malware wasn’t revealed, the report mentions that “the employee routinely used this USB drive for backing up control systems configurations within the control environment,” which could prove to be a loophole hackers could routinely exploit to connect with the most important systems within a power plant. In addition, ICS-CERT said that sophisticated malware was found on two engineering-based workstations that are “critical” to the control of the power station.