[ISN] Cyber Incident Blamed for Nuclear Power Plant Shutdown

From: InfoSec News (alerts@private)
Date: Thu Jun 05 2008 - 22:28:34 PDT


By Brian Krebs
washingtonpost.com Staff Writer
June 5, 2008

A nuclear power plant in Georgia was recently forced into an emergency 
shutdown for 48 hours after a software update was installed on a single 

The incident occurred on March 7 at Unit 2 of the Hatch nuclear power 
plant near Baxley, Georgia. The trouble started after an engineer from 
Southern Company, which manages the technology operations for the plant, 
installed a software update on a computer operating on the plant's 
business network.

The computer in question was used to monitor chemical and diagnostic 
data from one of the facility's primary control systems, and the 
software update was designed to synchronize data on both systems. 
According to a report filed with the Nuclear Regulatory Commission, when 
the updated computer rebooted, it reset the data on the control system, 
causing safety systems to errantly interpret the lack of data as a drop 
in water reservoirs that cool the plant's radioactive nuclear fuel rods. 
As a result, automated safety systems at the plant triggered a shutdown.

Southern Company spokeswoman Carrie Phillips said the nuclear plant's 
emergency systems performed as designed, and that at no time did the 
malfunction endanger the security or safety of the nuclear facility.

Phillips explained that company technicians were aware that there was 
full two-way communication between certain computers on the plant's 
corporate and control networks. But she said the engineer who installed 
the update was not aware that that the software was designed to 
synchronize data between machines on both networks, or that a reboot in 
the business system computer would force a similar reset in the control 
system machine.

"We were investigating cyber vulnerabilities and discovered that the 
systems were communicating, we just had not implemented corrective 
action prior to the automatic [shutdown]," Phillips said. She said plant 
engineers have since physically removed all network connections between 
the affected servers.

Computer security experts say the Hatch plant incident is the latest 
reminder of problems that can occur when corporate computer systems at 
the nation's most critical networks are connected to sensitive control 
systems that were never designed with security in mind.


Attend Black Hat USA, August 2-7 in Las Vegas, 
the world's premier technical event for ICT security experts.
Featuring 40 hands-on training courses and 80 Briefings 
presentations with lots of new content and new tools.
Network with 4,000 delegates from 50 nations.  
Visit product displays by 30 top sponsors in 
a relaxed setting. http://www.blackhat.com

This archive was generated by hypermail 2.1.3 : Thu Jun 05 2008 - 22:31:13 PDT