Slashdot Mirror

← Back to Stories (view on slashdot.org)

U.S. Plans to Tighten Nuclear Power Plant Security

Posted by samzenpus on from the don't-come-in-here dept.

CDMA_Demo writes "The 103 nuclear reactors running in USA can voluntarily agree to follow a new 15 page update to a 1996 regulatory guide. The update notes possibility of "unauthorized, undesirable, and unsafe intrusions", and recommends measures aginst such activities. It also recommends such facilities to be cut off from external networks: "Remote access...[that may pose a potential security risk]...should not be implemented". The Slammer worm in 2001 managed to bring down the network at Ohio's David-Besse nuclear plant and concerns kept growing at the United Nations' International Atomic Energy Agency (IAEA)."

3 of 248 comments (clear)

  1. Volunteering... by dilvie · · Score: 4, Insightful

    The fact that it's voluntary makes me a bit nervous. The fact that the suppliment was this long in coming makes me even more nervous.

    --
    MakePassword.com Mp3 Blog
  2. Slammer? by MBCook · · Score: 4, Insightful
    Would someone like to explain to me why the systems (assumingly CRITICAL systems) at a NUCLEAR POWER PLANT are connected to the Internet (and therefor exposed for Slammer) at all? I would think that you would want such stuff to be isolated so that nothing like that could happen. I mean, if you MUST get some data out to the outside world, connect two computers by serial cable. One is connected to the 'net and can only recieve data, the other is connected to the internal network and can only send data. That way NOTHING can get into the system.

    That would be common sense, wouldn't it? I'm not trained in network security, but why would controll systems need to be connected to the 'net?

    PS: I'm ignoring the obvious "Why are you running Windows and not some ultra-hard OpenBSD or RTOS or something".

    --
    Comment forecast: Bits of genius surrounded by a sea of mediocrity.
    1. Re:Slammer? by Dun+Malg · · Score: 4, Insightful
      Would someone like to explain to me why the systems (assumingly CRITICAL systems) at a NUCLEAR POWER PLANT are connected to the Internet

      They aren't. Just like the critical systems for life support aren't. Just like the Ballistic Missile Early Warning System isn't. There are, however, obviously people at the DOD, hospitals, and even nuclear power plants who do the same kind of tedious work done in other places (spreadsheets, memos, powerpoint presentations) and THEIR computers are often connected to the internet. Honestly, I understand why the media likes to make it sound liike the power plant control system crashed because of a virus, but I don't understand why so many people swallow the intimations of the inflamatory headlines.

      --
      If a job's not worth doing, it's not worth doing right.