Inside Cyber Warfare - Jeffrey Carr [10]
“Slammer worm crashed Ohio nuke power plant” (SecurityFocus, August 19, 2003)
“The Slammer worm penetrated a private computer network at Ohio’s Davis-Besse nuclear power plant in January and disabled a safety monitoring system for nearly five hours, despite a belief by plant personnel that the network was protected by a firewall, SecurityFocus has learned.”
“Cyber Incident Blamed for Nuclear Power Plant Shutdown” (The Washington Post, June 5, 2008)
“A nuclear power plant in Georgia was recently forced into an emergency shutdown for 48 hours after a software update was installed on a single computer. According to a report filed with the Nuclear Regulatory Commission (http://www.nrc.gov/), when the updated computer rebooted, it reset the data on the control system, causing safety systems to errantly interpret the lack of data as a drop in water reservoirs that cool the plant’s radioactive nuclear fuel rods. As a result, automated safety systems at the plant triggered a shutdown.”
“Fed aims to tighten nuclear cyber security” (SecurityFocus, January 25, 2005)
“The US Nuclear Regulatory Commission (NRC) quietly launched a public comment period late last month on a proposed 15-page update to its regulatory guide ‘Criteria for Use of Computers in Safety Systems of Nuclear Power Plants.’ The current version, written in 1996, is three pages long and makes no mention of security.”
“Adherence to the new guidelines would be strictly voluntary for operators of the 103 nuclear reactors already running in the US—a detail that irks some security experts. In filed comments, Joe Weiss, a control systems cyber security consultant at KEMA, Inc., argued the regulatory guide shouldn’t be limited to plant safety systems, and that existing plants should be required to comply.”
“‘There have been numerous cases of control system cyber security impacts including several in commercial nuclear plants,’ Weiss wrote. ‘Many nuclear plants have connected their plant networks to corporate networks making them potentially vulnerable to cyber intrusions.’”
“Congressmen Want Explanation on Possible Nuclear Power Plant Cyber Security Incident” (SC Magazine, May 21, 2007)
“US Rep. Bennie G. Thompson, D-Miss., chairman of the House Committee on Homeland Security, and Rep. James R. Langevin, D-R.I., chairman of the Subcommittee on Emerging Threats, Cybersecurity and Science and Technology, have asked Dale E. Klein, chairman of the US Nuclear Regulatory Commission (NRC), to investigate the nation’s nuclear cybersecurity infrastructure.
They said a cybersecurity ‘incident’ resembling a DoS attack on Aug. 19, 2006 left the Browns Ferry Unit 3 nuclear power facility in northern Alabama at risk.”
Besides the risks posed by various malicious attacks, both real and projected, a further complication that must be considered is the significant age of most of our nuclear power plants and how difficult it will be to rid a legacy network of a virus.
In a speech at the 2006 American Nuclear Society Winter Meeting, Nuclear Regulatory Commission Commissioner Peter B. Lyons recounted how, as he visited many of the US nuclear power plants, he was struck by the number that still use “very old analog instrumentation.” Keep in mind that this was just a few years ago.
Now imagine the complexity involved in returning an infected machine to a trustworthy state. If there’s a known good source available, a reinstall should work; however, do these antiquated systems even have a known good source? How does a nuclear power plant take all of its critical systems offline? Much of the software used in critical infrastructures in the United States was custom-made in one-off versions. After infection occurs, the likelihood of a kernel-level rootkit remaining on the machine is worrisome at best, and catastrophic at worst.
The Conficker Worm: The Cyber Equivalent of an Extinction Event?
Perhaps the most obvious frightening aspect of Conficker C is its clear potential to do harm. Among the long history of malware epidemics, very few can claim sustained worldwide