U.S. Plans to Tighten Nuclear Power Plant Security

CDMA_Demo writes "The 103 nuclear reactors running in USA can voluntarily agree to follow a new 15 page update to a 1996 regulatory guide. The update notes possibility of "unauthorized, undesirable, and unsafe intrusions", and recommends measures aginst such activities. It also recommends such facilities to be cut off from external networks: "Remote access...[that may pose a potential security risk]...should not be implemented". The Slammer worm in 2001 managed to bring down the network at Ohio's David-Besse nuclear plant and concerns kept growing at the United Nations' International Atomic Energy Agency (IAEA)."

Volunteering...

[dilvie]

The fact that it's voluntary makes me a bit nervous. The fact that the suppliment was this long in coming makes me even more nervous.

Wouldn't you think...

[laughingcoyote]

That MAYBE, they would've done this, oh I don't know, say in October of 2001?

But silly me, what do I know about national security. Here I still think it's better to make less enemies than more.

Re:Wouldn't you think...

[i41Overlord]

But silly me, what do I know about national security. Here I still think it's better to make less enemies than more.

Exactly. You know nothing of national security.

You see, what you are supposed to do is piss off most of the world, and when they start coming after you, ignore it. After you've been hit a couple times, declare your patriotism and implement strict new laws which ironically only limit the legal citizens in your country. Then to top it off, you enact a few meaningless laws which limit people's mobility but makes the dumbest 51% of the population feel more secure.

After that, declare the war "won" and go about your way. It's time to piss off more countries my friend...

Slammer?

[MBCook]

Would someone like to explain to me why the systems (assumingly CRITICAL systems) at a NUCLEAR POWER PLANT are connected to the Internet (and therefor exposed for Slammer) at all? I would think that you would want such stuff to be isolated so that nothing like that could happen. I mean, if you MUST get some data out to the outside world, connect two computers by serial cable. One is connected to the 'net and can only recieve data, the other is connected to the internal network and can only send data. That way NOTHING can get into the system.

That would be common sense, wouldn't it? I'm not trained in network security, but why would controll systems need to be connected to the 'net?

PS: I'm ignoring the obvious "Why are you running Windows and not some ultra-hard OpenBSD or RTOS or something".

Re:Slammer?

[Dun+Malg]

Would someone like to explain to me why the systems (assumingly CRITICAL systems) at a NUCLEAR POWER PLANT are connected to the Internet

They aren't. Just like the critical systems for life support aren't. Just like the Ballistic Missile Early Warning System isn't. There are, however, obviously people at the DOD, hospitals, and even nuclear power plants who do the same kind of tedious work done in other places (spreadsheets, memos, powerpoint presentations) and THEIR computers are often connected to the internet. Honestly, I understand why the media likes to make it sound liike the power plant control system crashed because of a virus, but I don't understand why so many people swallow the intimations of the inflamatory headlines.