Are Conficker malware infections of ICS or SCADA systems a threat?

Conficker malware was found in a German nuclear power plant computer system. Expert Nick Lewis explains the possible impact of malware infections of ICS and SCADA systems.

Viruses, including W32.Ramnit and Conficker, were found in a German nuclear power plant computer system. Mikko Hypponen, chief research officer for F-Secure, stated that these types of malware infections usually were not of major concern, citing a similar situation with Android phone malware being passed on to plane cockpit computers through connections to USB ports. But what hazards could these types of malware infections pose? Can Android malware infections, for example, have adverse effects on other types of systems or devices? And if so, what steps should organizations take to prevent these possible outcomes?

The Conficker malware will continue to stay in the news for the next decade, and other malware and network worms with long lifetimes will continue to be detected targeting devices for the foreseeable future. This has more to do with the sad state of information security than with Conficker being sophisticated malware. Conficker malware showing up in a power plant, or malware in an industrial control system (ICS) such as an airplane's internal systems, isn't surprising, as Hypponen stated.

The impact of older malware on systems may be less than when it was first released, since the command-and-control system might no longer be in operation, targeted dates may have passed or targeted data might not be present. The intended target of the Conficker malware is unlikely to be an ICS or supervisory control and data acquisition (SCADA) system. While the risk of data loss or financial fraud is lower, a malware infection could still have unintended consequences. Malware could cause the system to become unstable, crash it or prevent it from running its mission-critical software. Even if the infected ICS isn't impacted, it could infect other systems or devices that come in contact with it and potentially cause them problems.

Enterprises could prevent infections by older malware like Conficker by running antimalware tools, but will need to plan for how the tool gets updated definitions, since the system might not have internet access. Locking the system down with a whitelisting tool to prevent unapproved files from executing, and using a host-based firewall that only allows specific executables to access certain systems, can also help prevent these types of malware. ICS and SCADA systems may have some advantages over general-purpose systems, because they can have all their unneeded functionality removed or disabled so it can't be exploited.
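
As an added illustration (not from the original article or from any product it mentions), the Python code below audits a host against a hash manifest taken from a known-good image, which is the core check behind the whitelisting approach described above and needs no network access. The extension list, file names and sample directory are assumptions constructed for the example.

```python
import hashlib
import tempfile
from pathlib import Path

EXEC_EXTS = {".exe", ".dll", ".sys", ".bat", ".ps1"}  # assumed set of executable types


def sha256_file(path, chunk=65536):
    """Hash a file in chunks so large binaries are not loaded into memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def build_manifest(root):
    """Map relative path -> SHA-256 for every executable file under root."""
    root = Path(root)
    return {str(p.relative_to(root)): sha256_file(p)
            for p in root.rglob("*")
            if p.is_file() and p.suffix.lower() in EXEC_EXTS}


def audit(root, approved):
    """Return (unapproved, modified, missing) relative paths versus the manifest."""
    current = build_manifest(root)
    unapproved = sorted(p for p in current if p not in approved)
    modified = sorted(p for p in current if p in approved and current[p] != approved[p])
    missing = sorted(p for p in approved if p not in current)
    return unapproved, modified, missing


def demo():
    """Constructed sample: a stand-in HMI directory with one changed and one new file."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "hmi.exe").write_bytes(b"vendor build 1")
        (root / "driver.dll").write_bytes(b"vendor dll")
        approved = build_manifest(root)  # manifest taken on the known-good image
        (root / "driver.dll").write_bytes(b"vendor dll + appended bytes")  # approved file altered
        (root / "dropped.exe").write_bytes(b"unknown binary")  # file never approved
        return audit(root, approved)


if __name__ == "__main__":
    print(demo())
```

Because the comparison is by hash rather than by path, an approved executable that has been altered on disk is reported as well as a file that was never approved. The code only reports; blocking execution remains the job of the whitelisting tool.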

This was last published in September 2016
