Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror
×
Security IT

U.S. Plans to Tighten Nuclear Power Plant Security 248

CDMA_Demo writes "The 103 nuclear reactors running in USA can voluntarily agree to follow a new 15 page update to a 1996 regulatory guide. The update notes possibility of "unauthorized, undesirable, and unsafe intrusions", and recommends measures aginst such activities. It also recommends such facilities to be cut off from external networks: "Remote access...[that may pose a potential security risk]...should not be implemented". The Slammer worm in 2001 managed to bring down the network at Ohio's David-Besse nuclear plant and concerns kept growing at the United Nations' International Atomic Energy Agency (IAEA)."
This discussion has been archived. No new comments can be posted.

U.S. Plans to Tighten Nuclear Power Plant Security

Comments Filter:
  • by wot.narg ( 829093 ) <wot,narg&gmail,com> on Wednesday January 26, 2005 @09:29PM (#11487870) Homepage
    You know you got owned when someone cracked your power plant and the fuel rods spell "owned" in binary.
  • Volunteering... (Score:5, Insightful)

    by dilvie ( 713915 ) on Wednesday January 26, 2005 @09:30PM (#11487879) Homepage Journal
    The fact that it's voluntary makes me a bit nervous. The fact that the suppliment was this long in coming makes me even more nervous.
    • Re:Volunteering... (Score:2, Interesting)

      by kiore ( 734594 )
      "The fact that it's voluntary makes me a bit nervous"

      It's a draft. They're suggesting that everyone starts conforming now, instead of waiting until it's approved and made mandatory. Surely this is a good thing.

      I agree with you that it's scary that this has come so late though.

      What's the population of Chernobyl these days?

      • Re:Volunteering... (Score:3, Interesting)

        by sketerpot ( 454020 ) *
        I agree with you that it's scary that this has come so late though.

        What's the population of Chernobyl these days?

        Very low, due to a very poorly designed reactor, a shutdown of the insufficient safety systems, and a government that didn't care about its people. None of those conditions exists in US nuclear power plants.

        Safety upgrades in nuclear power plants happen whenever somebody messes up, so that they don't mess up in the same way again. This upgrade is nothing surprising.

        • Re:Volunteering... (Score:2, Insightful)

          by crummynz ( 818547 )
          Safety upgrades in nuclear power plants happen whenever somebody messes up, so that they don't mess up in the same way again. This upgrade is nothing surprising.

          I prefer it when they perform a safety upgrade before someone messes up...
        • Re:Volunteering... (Score:3, Informative)

          by Keruo ( 771880 )
          > due to a very poorly designed reactor, a shutdown of the insufficient safety systems, and a government that didn't care about its people.
          What exactly was wrong with the reactor design with Chernobyl?
          ~70 percent of worlds nuclear reactors are almost identical to the Chernobyl reactor, only difference being that no-one is running unauthorized experiments with all safety precautions manually overridden on those still active.

          > None of those conditions exists in US nuclear power plants.
          Are you wi
          • Re:Volunteering... (Score:5, Informative)

            by ArsenneLupin ( 766289 ) on Thursday January 27, 2005 @02:56AM (#11490045)
            What exactly was wrong with the reactor design with Chernobyl?

            • No containment (outer shell): once the reactor itself is burst, the radioactive material is out in the open, whereas in western designs, there is still an outer shell.
            • Unsafe RBMK [globalsecurity.org] design, which has a huge positive void coefficient [wikipedia.org], i.e. it is (mis)designed in such a way that when the cooling water in the primary circuit starts boiling, the nuclear reaction accelerates... with predictable consequences. Most western designs have a slightly negative void coefficient (boiling water leads to slowdown of reaction), which makes the design intrinsically safer.
            • Re:Volunteering... (Score:3, Informative)

              by lbrt ( 625194 )
              No containment (outer shell): once the reactor itself is burst, the radioactive material is out in the open, whereas in western designs, there is still an outer shell.

              Years ago I did some research on Chernobyl accident and remember reading that there was a concrete containment shell, but it blew up with the reactor. Most of the sites I now found by googling repeat the statement that there was no containment shell, but at least this site [motherearthnews.com] claims the opposite: "2. Despite official statements made in the U.S
              • Re:Volunteering... (Score:3, Informative)

                by Anonymous Coward
                Sorry, your source is wrong. There are a lot of sources with inaccuracies about the Chernobyl incident due to the USSR's lack of glastnos. I've done a great deal of research on the accident and the RMBK 1000 design used in Unit 4. There was never any containment structure as it was seen as a waste of money since the Soviet government made sure that the people believed in the design's infallibility as they've never heard of any problems with the plant including the positive void coefficient causing the react
        • Re:Volunteering... (Score:3, Interesting)

          by sporktoast ( 246027 )

          [...]

          a very poorly designed reactor, a shutdown of the insufficient safety systems, and a government that didn't care about its people. None of those conditions exists in US nuclear power plants.

          That's [ucsusa.org] because [nirs.org] US [corrosion-doctors.org] reactors [animatedsoftware.com] are [ems.org], of [ohiocitizen.org] course [nrc.gov], models [ohiocitizen.org] of [nrc.gov] safe [doe.gov] design [cleveland.com] and [ucsusa.org] operation [toledoblade.com].

    • The fact that the suppliment was this long in coming makes me even more nervous.

      Everyone and their brother have been concerned about security at Nuclear plants since (and even before) 9/11.

      If a terrorist organization wanted to cause a spectacular level level of chaos and death, bombing a nuclear power plant is towards the top of the list.

      This is a good indicator that the Bush Administration is incompetent, or really isn't concerned with your security. I like how they kept talking about Dirty Bombs and d
      • I like how they kept talking about Dirty Bombs and duct tape, but neglected these few huge glaring targets.

        They were not ignored.

        What you're looking at is a document describing various tactics that could be used to enhance security. It is by no means the only step that has been taken.

        First off, most of the security measures were taken DURING CONSTRUCTION of these plants. A bomb was, of course, a major concern, and these facillities were built with that in mind. Nothing is bomb-proof, but nuclear power p
      • You, sir, have succinctly vocalized the basis
        for my conspiracy theory ...

        To wit:

        The 1st Dubya administration streamlined entry
        into the USA of Saudi nationals with the State
        Department's "VISA Express" program.

        The Saudi embassy in Washington (DC) pulled
        more than $30M USD in cold cash from Riggs
        Bank between 01/00 and 01/2002, which they
        have not accounted for. (Riggs was fined.)

        While all US aircraft were grounded just after
        9-11-2001, the Saudi's (with Dubya's approval)
        chartered aircraft to evacuate more tha

      • Top of the list maybe, but what would they use to attack them? The containment domes are designed to withstand airliners, and the nuclear waste is its own best defense. You can't just walk in and grab some and walk you, you wouldn't make it 50 feet before the radiation killed you.

        What exactly is your plausible scenario of attack? Something that doesn't rely on the terrorists having an organized military (no military strike craft, no tanks, no month long occupation to extract the materials.....), in short,
      • A high lieutenant of Bin Laden was caught in Afghanistan and was "debriefed" in Gitmo. He was the same guy who lied and had everyone in a tiff about the Golden Gate Bridge a few years back. Anyway, he said that he could have crashed the hijacked 9/11 planes into the nuclear reactor at Indian Point, NY. It was just that Bush would have nuked the Middle East if that happened.

        Bin Laden was convinced that Americans were cowards that would leave if there was just a conventional mass casualty attack against thei
    • An anecdote. (Score:5, Interesting)

      by glrotate ( 300695 ) on Wednesday January 26, 2005 @10:21PM (#11488234) Homepage
      My uncle is a security guard at a nuclear power plant. He is 59 years old and his occupation before nuclear powerlant security guard was truck driver. He is the most honest and trusworthy man you will ever meet, but he is 59 years old and had a triple bypass last year.

      Delta Force operators come on an occasional announced, i.e. they know they're coming, basis to try to infiltrate. Supposedly they have succeeded every time.
  • by The-Bus ( 138060 ) on Wednesday January 26, 2005 @09:31PM (#11487886)
    This, the week after a similar weakness* is shown on 24?

    Remember to always question policy this way: WWJBD? What Would Jack Bauer Do?

    That is all.

    * Yes I know, it's TV.
    • It's about time people got another source other than Tom Clancy books for their ideas on destroying the world.
    • My thoughts exactly.

      There is one simple answer to WWJBD: whatever the fuck is necessary.
    • This, the week after a similar weakness* is shown on 24?

      Yes, and the spooky part about this: Remember how 24 started this season? Train derailment? Car on the tracks?

      I have a feeling Juan Manuel Alvarez was after some device in Glendale, CA this morning.

      (Okay, I'm joking - but what was weird --- when I heard about the train derailment - the first thing I thought about was a terrorist plot!! Uhoh)

  • by laughingcoyote ( 762272 ) <barghesthowl@eUM ... .com minus punct> on Wednesday January 26, 2005 @09:31PM (#11487888) Journal

    That MAYBE, they would've done this, oh I don't know, say in October of 2001?

    But silly me, what do I know about national security. Here I still think it's better to make less enemies than more.

    • by i41Overlord ( 829913 ) on Wednesday January 26, 2005 @10:37PM (#11488380)
      But silly me, what do I know about national security. Here I still think it's better to make less enemies than more.

      Exactly. You know nothing of national security.

      You see, what you are supposed to do is piss off most of the world, and when they start coming after you, ignore it. After you've been hit a couple times, declare your patriotism and implement strict new laws which ironically only limit the legal citizens in your country. Then to top it off, you enact a few meaningless laws which limit people's mobility but makes the dumbest 51% of the population feel more secure.

      After that, declare the war "won" and go about your way. It's time to piss off more countries my friend...
      • Oh, and while I'm doing that, I'm supposed to take over 3 years to implement a real, meaningful security measure, since that might involve telling a -corporation- what to do.

        Why you know, I think I'm learning this whole "national security" thing. Maybe I'll put in a resume for the Cabinet position...

  • And this, just in time to coincide with a current plot point / terrorist threat in 24 [fox.com]!

    Don't get any big ideas, the government has got us covered.

  • I'm for this.
  • Slammer? (Score:5, Insightful)

    by MBCook ( 132727 ) <foobarsoft@foobarsoft.com> on Wednesday January 26, 2005 @09:35PM (#11487918) Homepage
    Would someone like to explain to me why the systems (assumingly CRITICAL systems) at a NUCLEAR POWER PLANT are connected to the Internet (and therefor exposed for Slammer) at all? I would think that you would want such stuff to be isolated so that nothing like that could happen. I mean, if you MUST get some data out to the outside world, connect two computers by serial cable. One is connected to the 'net and can only recieve data, the other is connected to the internal network and can only send data. That way NOTHING can get into the system.

    That would be common sense, wouldn't it? I'm not trained in network security, but why would controll systems need to be connected to the 'net?

    PS: I'm ignoring the obvious "Why are you running Windows and not some ultra-hard OpenBSD or RTOS or something".

    • Re:Slammer? (Score:3, Informative)

      I remember reading the article and that somewhere down the line it said that it was workstations that went down, not anything related to power generation capabilities or plant safety. Maybe someone can find a link to that article about that particular incident, but as I recall the facts of the article were far less, uh, scandalous than the headline.
    • Re:Slammer? (Score:5, Insightful)

      by Dun Malg ( 230075 ) on Wednesday January 26, 2005 @09:55PM (#11488056) Homepage
      Would someone like to explain to me why the systems (assumingly CRITICAL systems) at a NUCLEAR POWER PLANT are connected to the Internet

      They aren't. Just like the critical systems for life support aren't. Just like the Ballistic Missile Early Warning System isn't. There are, however, obviously people at the DOD, hospitals, and even nuclear power plants who do the same kind of tedious work done in other places (spreadsheets, memos, powerpoint presentations) and THEIR computers are often connected to the internet. Honestly, I understand why the media likes to make it sound liike the power plant control system crashed because of a virus, but I don't understand why so many people swallow the intimations of the inflamatory headlines.

      • Would someone like to explain to me why the systems (assumingly CRITICAL systems) at a NUCLEAR POWER PLANT are connected to the Internet ... They aren't. ... I don't understand why so many people swallow the intimations of the inflamatory headlines.

        But they are. You need to read the fine Security Focus article again, but I'll quote the worst parts for you.

        The T1 line, investigators later found, was one of multiple ingresses into Davis-Besse's business network ... From the business network, the worm [s

    • The Main Plant Computer System at my nuke plant doesn't actually do anything but monitor system parameters. It cannot cause the plant to do anything. It's very handy, but not vital to safety at all. I'd imagine other plants are set up the same.

      Solid state logic systems do run the safety systems, but there's no way to interface with them besides the physical controls that are directly connected to them.
    • Money.

      Many of these systems used to be on private networks built from dedicated leased data lines. That was expensive.

      One day, some bright person discovered that they could save a ton of money by switching to a public network. Management said "Hot Shit! Another vacation home in the Alps!" and it was done.

  • Regardless of what OS you run mission-critical systems on (though I would in this instance strongly advise against Windows), there really is no reason whatsoever to open it up to an external network. None at all. Physical attack is bad enough, you don't need to leave another door open.
    • Were they mission critical systems for operating the plant, or the "corporate LAN" where people get their e-mail and such for corporate functions?
      • The article mentioned this. The plant wasn't functioning at the time, and I think it took down one of the safety monitoring systems (that had other backups, I would imagine). Perhaps the system was such that you could check the safety status online, causing it to be exposed... *shrug* Still, not a task for Windows, if you ask me... same with running a car, etc.
  • by GnomeAttic ( 97126 ) on Wednesday January 26, 2005 @09:40PM (#11487971) Homepage
    What follows is the transcript of a conversation that took place between a top US defense official and his wife after watching this week's episode of Fox's popular drama 24.

    Wife: It's a good thing the real nuclear power plants don't allow remote access! Man what fanciful terror alert situation will those 24 writers think of next?

    Official: Uh...

  • External Networks? (Score:3, Insightful)

    by tmhsiao ( 47750 ) on Wednesday January 26, 2005 @09:43PM (#11487990) Homepage Journal
    The Slammer worm in 2001 managed to bring down the network at Ohio's David-Besse nuclear plant and concerns kept growing at the United Nations' International Atomic Energy Agency (IAEA).

    Umm, why the hell would a self-contained/self-sustaining system need to be connected to an external network in the first place?

    Sorry, you work at a Nuclear Power Plant? Check your frelling AOL/Yahoo/Hotmail e-mail on your own damn computer, on your own damn time.
    • Umm, why the hell would a self-contained/self-sustaining system need to be connected to an external network in the first place?

      Sorry, you work at a Nuclear Power Plant? Check your frelling AOL/Yahoo/Hotmail e-mail on your own damn computer, on your own damn time.


      The self-contained/self-sustaining system isn't connecting externally.

      The only computers at power plants that are capable of connecting to the internet are in no way capable of contacting a core system. Employees are encouraged to get there work
      • They weren't externally connected, however, they did have a leased line to a contractor. The contractor was externally connected and became infected, the virus spread across the leased line.

        The system affected was a computer running a digital readout. It froze from resource starvation. Analog gauges and other safety systems continued to work fine.
        • In my definition, having a network connection to a contractor that is connected to the Internet is being externally connected. According to your logic, my computer at home isn't externally connected, it just has a line to my ISP...and they just happen to be connected.

          Trust no one. Not even yourself.
          • To be honest, I agree. You're right. The connections exist. The difference between the two situations, however, is that your traffic is able to pass unhindered between your computer and a computer on the internet.

            In the case of the nuclear plant, it was requisite for the virus to infect the host at the contractors site to leap frog to the plant. The nuclear power plant's computers were not routed to the internet.

            As I said, I agree with you; the situation is inexcusable. I only reply to save face and clari
    • I'm gonna tell you a secret. People at the PENTAGON (you know, that big building where most of our nation's defense stuff is done?) check their AOL/Yahoo/Hotmail e-mail and more at work.

      Its really not that big of a deal. Same goes for at this place. The amount of damage possible to inflict this way is relatively minimal.
  • Oh well... (Score:2, Interesting)

    I once was able to tour the nuclear power plant [consumersenergy.com] in Charlevoix, MI, before they decommissioned. I was a little fella at the time.

    Looks like that kind of educational oppertunity won't be happening as frequently, now. IIRC, that was the first tour they'd given since the plant was opened. That gives you a sense of perspective as to how common such oppertunities are.

    Though other plants may perhaps hold more frequent tours, I doubt few outsiders will get to see the turbines and dynamos of an operational plant
    • Re:Oh well... (Score:4, Interesting)

      by Capt'n Hector ( 650760 ) on Wednesday January 26, 2005 @10:31PM (#11488339)
      I was given the rare opportunity to tour a reasearch reactor up in Sacramento, CA... it was used primarily to test aircraft parts by bombarding them with radioactive particles, to see how they would put up with the stresses of the upper atmosphere. Since it was a lower power reactor, we could do some crazy things like:

      • Walk into the reactor chamber
      • Look down into the core (it was glowing blue, by the way)
      • Reach out and jangle the control rods
      • Dip our feet in the blue-glowing water.

      Pretty freaking cool, imo.

      • I thought my visit to Dodewaard (a 60 MW research reactor) was cool. We stood on the concrete slab that's on top of the reactor vessel, visited the control room, etc. But I bow to your superior experience [insert "we're not worthy" smiley here].
  • by ortcutt ( 711694 ) on Wednesday January 26, 2005 @09:52PM (#11488048)
    I guess he won't be able to work from home in his muumuu.
  • Re: (Score:2, Interesting)

    Comment removed based on user account deletion
  • Why the heck are they running windows on nuclear power plants! "I just got the Blue Screen of Death." "Well, there went Texas!"
    • First, they aren't running Windows on the control systems, they're running it on various noncritical PCs. Second, even if they were running Windows on the control systems and it went BSOD, there are still many many layers of redundant safety systems that need to fail in various ludicrously unlikely (and completely seperate) ways. Third, the worst that could happen is a meltdown followed by nuclear waste cleanup. Nuclear plants simply cannot go off like A-bombs, since they lack the right fuel mixture and des
  • That'd be Davis-Besse. [doe.gov]

  • This have anything to do with today's release of radioactives in FL?
  • You can feel safe, knowing that your government plans to make nuclear power plants less vulnerable against attacks from the Internet.

    It's like they were planning to find weapons of mass destruction in Iraq, or they were trying to catch Osama Bin Laden in Afghanistan. Another example of ineffectivity and paralyzed work, three years after a serious security incident...
  • Weakest Link (Score:2, Insightful)

    Increased Security at Nuclear Power Plants is all well and good but I for one would like to see increased security in the following areas as well or instead

    1) All US international shipping ports: plenty of room for trouble there (the Sum of All Fears, anyone?)
    2) Water/Sewage treatment plants: one of the best ways to spread pathogens (or scare a whole lot or ppl)
    3) Major Power line junctions to help prevent another power outage like the one we had thew hit most of the Northeast in 2003 (thanks, Ohio!)
    4) the
  • by deft ( 253558 ) on Wednesday January 26, 2005 @10:03PM (#11488103) Homepage
    I was just watching a 24 hour news update, and apparently the internet boradcast of the execution of a US Secretary Heller was a coverup for an attack on a US nuclear base firewall.

    This all in an attempt to use a remote control system developed for nuclear installations in case of a radiation leak or disaster.

    It's no suprise... not like there wasn't a nuke detonated in the desert all those years ago. About time they wake up.
  • Infection (Score:3, Funny)

    by Fuzzums ( 250400 ) on Wednesday January 26, 2005 @10:08PM (#11488126) Homepage
    Nuclear powerplant meltdown after lexus drive-by bluetooth infection.
  • by Zalgon 26 McGee ( 101431 ) on Wednesday January 26, 2005 @10:13PM (#11488163)
    This Man [jeffpinard.com] has been fired...
  • "concerns kept growing at the United Nations' International Atomic Energy Agency (IAEA)"

    are that Bush still wants to get rid of ElBaradei in order to pull off another pile of bullshit about Iran's "WMDs".

    Fortunately the rest of the world - including the "Bush poodle" Blair - aren't going along with it.

    • are that Bush still wants to get rid of ElBaradei in order to pull off another pile of bullshit about Iran's "WMDs".

      Fortunately the rest of the world - including the "Bush poodle" Blair - aren't going along with it.


      Reality check. No one is exactly happy with El Baradei, and no one is happy with the current WMD proliferation situation. No one really has a good answer on how to stop proliferation because once a nation has nuclear weapons, they have the only real protection against foreign military powers

      • Reality check.

        ElBaradei is supported by the UN and virtually every nation in the world except the US.

        A recent article said that even the US's closest allies - Australia and Britain - BOTH refused to support the US attempt to get rid of him.

        The reason the US doesn't like him is because he refuses to fudge evidence that Iran has nuclear weapons and he has pointed out that Israel needs to be inspected for its nuclear arsenal.

        Bush is presently flying US military aircraft into Iranian airspace to probe their
  • As with many other things, why not just build the damn things more securely to begin with. There's videos of mockup plants absorbing a fighter jet impact. It seems to me though they've done less to protect the plants from physical attack from ground level. Though I'm sure, the government has hidden such secrets well from the public if there are other 'measures'. Frankly, I don't care to know.

    I don't much care if a local gun store is built like Fort Nox. I do expect nuclear facilities, chemical, explosive,
    • It seems to me though they've done less to protect the plants from physical attack from ground level.

      What would you do? Surround the installation with an army camp, and have perimeter guards with machine-gun nests and tanks?
  • by kf6auf ( 719514 ) on Wednesday January 26, 2005 @10:51PM (#11488517)

    I even worked in IT. Here is how it works (at least at the one I worked at): all of the software that actually runs the plant is over 25 years old (and therefore does not run Windows). It runs some obscure custom shit, not that obscurity is efficient at security, but I guess it kinda helps. Yes, the computers used by the Secretaries, the Maintenance staff, the Managers, etc. all run Windows. The servers ran Red Had 7.3. This is all fluff. If this breaks or gets corrupted one of two things happens to the reactor: 1. Nothing or 2. Nothing. There are two ways the the system is electrically connected to the outside world, and both of them are through high voltage power lines, which cannot really be used to send data in to break things. If you want to break something, you need to physically be there to do it.

    If you work in a nuclear power plant, you are going to continue to do everything you can think of to make it even harder for someone to sabotage the place. Physically, this includes multiple walls, gates, barricades, guns, and more to protect the containments. From a procedural standpoint, this means anyone who wants to get on-site gets ran through a database to check your history, after getting an employee escort. Anyone who wants to get into the protected area gets personally approved after a more in depth background check, and a heck of a lot of red tape.

    If you are just Joe Public (no offense), you have a much higher chance of dying in a car accident so I wouldn't worry about this.

    And No, I didn't RTFA, but I figured as long as my comment was more useful than the rest of them (read: references to 24), I figured this comment would be helpful.

  • physical security? (Score:3, Informative)

    by Triv ( 181010 ) on Wednesday January 26, 2005 @10:53PM (#11488526) Journal
    unauthorized, undesirable, and unsafe intrusions...

    This is anecdotal, but minorly noteworthy - My mom used to work for the company that owned and operated Three Mile Island - the (physical) security was intense: the perimeter was ringed by towers manned by security offers with rifles and a 'no warning shot' policy - you approached the perimeter from an undesignated direction and you got shot, period.

    I still have one of the security force's hats, says "TMI Rapid Response Team" and has a crosshairs in the middle.

    Triv

  • by i41Overlord ( 829913 ) on Wednesday January 26, 2005 @10:54PM (#11488533)
    Is that a fuel rod in your pocket or are you just happy to see me?
  • In the "Foundation and empire" Asimov depicts the de clining Galactic Empire, where they decide to restrict use of nuclear energy when there was a shortage of competent techincans. Not to rise salaries, not to start education programs - just close down some nuclear plants and leave surroundings without energy.

    Idea to cut the nuclear plants from external networks looks quite simular.

God made the integers; all else is the work of Man. -- Kronecker

Working...