Australian power grid attacked by virus, Linux saves the day

This isn't the first time we've heard of an institutional virus outbreak -- even the crew of the International Space Station had a neat little scare not too long ago -- and now various outlets in Australia are reporting that Integral Energy, which supplies energy to homes and businesses in New South Wales and Queensland, has suffered a particularly nasty visit by the W32.Virut.CF virus. When all was said and done, the company had to repair all 1000 of the facility's desktops. Furthermore, the Sydney Morning Herald reports that the company's anti-virus software hadn't been updated since at least February. Between the lack of anti-virus updates and the fact that segregation between the company's main network and the grid was "typically none at all," this story has all the makings of a disaster. Luckily, the grid itself runs on Sun Solaris -- and when control systems became infected, how did they fix the mess? That's right: by replacing them with Linux machines. A word to the wise: they do make anti-virus auto-updates for a reason.
[Via The PC Report]

Linux doesn't get viruses. It kills them.
everything can get a virus unpatched
Not to rain on the linux parade or anything but where exactly in the original story did it say anything about linux replacing anything?
I'm all for secure systems but I couldn't find anywhere besides the insider story that linux was even mentioned and certainly nothing about them "replacing windows machines" to fix the problem.
Nice accurate story checks. I understand, it can take at least a couple of minutes to track the information back to its source and that is clearly far too much time to waste these days purple monkey dishwasher.
@ Annoying poster.
True to an extent. But not that honest.
Kind of like the difference between not putting disinfectant on a minor scratch and playing in medical waste.
Now if you had said that any system can be hacked, I'd agree with you.
@darren
I was with you until purple monkey dishwasher.
Whether it be Interprocess Communication, or just pluggin' ports below 1024 to admin/super user level...
Linux, Solaris, OS X, ... bottom line *nix systems have a proven track record and security model. Period.
Linux isn't compatible with viruses.
I didn't even have to read the source article to figure out that it was misleading, the title should have been 'Australian power grid attacked by virus, old hardware replaced'. They didn't fix anything, just replaced everything with a cost effective solution.
how could they not have an auto-updating anti-virus in place? that's just ridiculous
Agreed. That's absolute insanity. Those admins should be ashamed of themselves and never be allowed to work in a position that gives them any authority over computer security again.
It is common in a corporate environment to not have auto updates on so that you can test the patches before applying them. Not updating since February is just complacent.
Maybe they are using AVG ;-).
http://www.osnews.com/story/20525/AVG_Antivirus_Accidentally_Kills_Windows/
Maybe because of our shitty bandwidth limitations? Maybe that's why they disabled auto-updates. :P
Auto updates can also break working systems, not something you want to happen to a power grid.
Auto-updates on some software may result in the system rebooting itself when it feels like it. On a power-grid control computer, this may not be acceptable.
However, a power-grid control computer should not be on the Internet; at least, not without an industrial-strength firewall that only allows approved, encrypted traffic through.
nom nom nom nom nom... I'z eating ur power toobz
Wasn't there a crazy Anime or something, that when the monster ate electricity it got Bigger and BIGGER, until it was SOO BIG it just ENGULFED ALL LIFE!?!?!
Stop drawing analogies between your mum and anime and buy her a gym membership.
control system should be isolated and protected, it doesn't matter what OS it uses.
So let's see...we're idiots who don't know how to manage our infrastructure, so when we had a problem, we threw out the safety scissors we cut ourselves with, and replaced them with hedge clippers because we're pretty sure no one bad out there knows how to use hedge clippers...what does it matter that we don't either?
Anyone who thinks this is a win for FOSS/Linux instead of a potential disaster when they screw it up, isn't paying attention to the details of the story.
While you make a good point, the fact still remains that Linux machines are much less likely to be prone to a random virus attacking the network. If I'm correct, the 'virus' was not an attack directed specifically at the Power Company. While using linux machines does not completely eradicate the risk of any sort of network attack, be it a virus, or an attacker, it does greatly decrease the chance that a random virus will take over part of the network.
So, in this case, Linux did help. However, the company still needs to practice better updating of their security- be it Windows or Linux.
Exactly. Responsibilities and tasks in society become harder and in bigger numbers, while we're becoming lazier and using less common sense.
Linux takes back control-- Would be the right headline here, as the backend runs solaris.
I agree - Solaris saves the day is more like it. Make us Solaris crusty oldies happy for a change - the upstart Linux did nothing to help here! :-)
I have a yoggie gatekeeper card pro. It's a mini linux computer that runs anti-virus and the like. I have the anti virus software paired with it to make a horrible screaming sound every time it kills a virus. I like to think of it as the virus' last pleas for life.
WTF? Their anti-virus systems should have been auto-updating. What's worse is that when they switch to Linux, the majority will blame Windows, and not themselves for auto-updating. Man, talk about fail.
What's next, the company reporting slow boot speeds on Windows 7 after switching to Lolo Technologies?! *sigh*
Seriously? You think Auto updating anything is a good idea? I hope you're not supporting IT in any important environment.
Virus signatures and OS patches should always be tested before deployment because Sod's law has it (and I've had it to me too often) that the patch or update will cause some bespoke piece of software to fail or be flagged as a virus. Hell sometimes it happens to the non bespoke software too.
Nothing should go anywhere near your servers or workstations that hasn't been tested.
That said, no updates since February is very dumb, delaying a week for internal testing makes sense (unless it's a nasty virus in which case it should be tested as a high priority before release.) Delaying 8 months is asking for trouble.
I think if you are not going to manually frequently update your anti-virus, then just enable the freakin auto-update function!
no updates since February wtf...
So these geniuses couldn't figure out how to update an antivirus and now they're using Linux instead? Something tells me this won't end well.
better linux than solaris. java = shit
Solaris and Java are two completely unrelated products. The only thing they have in common is the brand behind them.
Annoying Poster's message reminds me of a Phone Call I had with an IT guy of a High School (I work in Tech support):
Customer: I'm not able to open this dialogue box
Me: Oh, ok, what web browser are you using, and which version
Customer: FF 3.5
Me: Cool, do you have Javascript enabled?
Customer: Yep, updated it yesterday
Me: ?
Customer: It's running in the corner "Java Runtime Environment"
Me: ?! Java and Javascript are two totally different things.
He referred to JavaScript several times in the duration of that phone call, and also referred to a web browser as a search engine...
"A word to the wise: they do make anti-virus auto-updates for a reason."
Yes. They are for people who want a false sense of security via the hallucination that anti-virus programs can mitigate security flaws in poorly designed operating systems. For critical infrastructure, the only rational approach is to use a relatively secure operating system, and KEEP AN AIR GAP between those machines and the internet.
"a relatively secure operating system"
Have also been Windows OSes since WinNT :)
A word to the wise: use linux *fixed*
@trevor: lazy admins will hurt your enterprise, no matter the OS of choice.
http://www.builderau.com.au/program/linux/soa/Linux-botnet-discovery-points-to-lazy-administrators/0,339028299,339298642,00.htm
Anti-viruses should not be required (or trusted) to begin with. As htd said, the critical system should not have been on the open network anyway. Regardless, fun to see a story involving a Sun. We use those around here too for the MRI systems.
It's not just about Windows. All software monocultures are bad. It's a good thing Solaris runs the power grid (and really, Windows would be the wrong choice for that application) but it's also in their best interests to have a diverse software environment. Viruses aren't the only threat out there...
If I remember correctly, it might still violate the EULA. I remember a few years back (a few more than that) I was skimming the NT4 licenses and it had a clause in there stating that the software should not be used in a position where human life or critical systems were to be used.
same goes for the EULA of Mac OS X
Linuxomon I choose you !!!
***penguin shaped thing pops out of laptop***
Slammer Worm Shield now !!
***viruses bounce off to the depths of the ocean***
Great job! Now teach these morons techs Auto-Update !!!!
Annoying Poster, Solaris and Java are unrelated projects.
Oops, meant to reply to another post. :p
Don't you just hate Engadget's commenting system.
Of course Annoying Poster is separate from Java and Solaris.
It's unix based. Not linux based.
You get what you get, and you don't throw a fit.
I surmise their whole organization is like this...
Hey Engadget, Solaris is not the same thing as Linux!
If I'm reading it right, they never said it is. They said the grid itself ran on Solaris, and the control systems ran on windows. They then replaced the control systems with Linux machines.
A company desktop does not equal the Australian power grid. It's possible this virus would have disabled their remote control, but in no way should it affect the power. It seems rather insane not to have the operations network segregated from the enterprise.