Cyber Incident Blamed for Nuclear Power Plant Shutdown

["Richard M. Smith" <rms () computerbytesman com>]

http://www.washingtonpost.com/wp-dyn/content/article/2008/06/05/AR2008060501
958_pf.html
 
Cyber Incident Blamed for Nuclear Power Plant Shutdown


By Brian Krebs
washingtonpost.com Staff Writer
Thursday, June 5, 2008; 1:46 PM


A nuclear power plant in Georgia was recently forced into an emergency
shutdown for 48 hours after a software update was installed on a single
computer.

The incident occurred on March 7 at Unit 2 of the Hatch
<http://www.southerncompany.com/southernnuclear/hatch.asp> nuclear power
plant near Baxley, Georgia. The trouble started after an engineer from
Southern  <http://www.southerncompany.com/> Company, which manages the
technology operations for the plant, installed a software update on a
computer operating on the plant's business network. 

The computer in question was used to monitor chemical and diagnostic data
from one of the facility's primary control systems, and the software update
was designed to synchronize data on both systems. According to a report
filed with the Nuclear Regulatory Commission <http://www.nrc.gov/> , when
the updated computer rebooted, it reset the data on the control system,
causing safety systems to errantly interpret the lack of data as a drop in
water reservoirs that cool the plant's radioactive nuclear fuel rods. As a
result, automated safety systems at the plant triggered a shutdown. 

Southern Company spokeswoman Carrie Phillips said the nuclear plant's
emergency systems performed as designed, and that at no time did the
malfunction endanger the security or safety of the nuclear facility. 

Phillips explained that company technicians were aware that there was full
two-way communication between certain computers on the plant's corporate and
control networks. But she said the engineer who installed the update was not
aware that that the software was designed to synchronize data between
machines on both networks, or that a reboot in the business system computer
would force a similar reset in the control system machine.

"We were investigating cyber vulnerabilities and discovered that the systems
were communicating, we just had not implemented corrective action prior to
the automatic [shutdown]," Phillips said. She said plant engineers have
since physically removed all network connections between the affected
servers. 

...

_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.