In a headline that would make Jack Bower proud a German nuclear power plant identified viruses on their office computers.
Fortunately the control systems for the plant were air gapped from the office computers with no means of direct connection to the internet. However the viruses were found on USB sticks used to move rod modelling data around the plant.
It isn’t believed that any of the viruses are targeted at the plant in a destructive capacity but rather general malicious programs to steal data.
While there is no suggestion that the USB devices would ever have cross the air gap and infect the control systems, it has highlighted that an air gap is not a panacea for removing IT risk.
From a GRC standpoint cyber risk is getting more targeted and most experts are predicting a move from disruptive attacks to destructive attacks. Although the idea of a nuclear meltdown might be something for TV and movies. Shutting down Germany’s highest output power station for a few days would certainly have economic repercussions. Criminal enterprise and nation state cyber attacks are becoming more sophisticated and targeted, if you are big enough or important enough you will be on the radar for these types.
You can read more about this story on the BBC http://www.bbc.co.uk/news/technology-36158606