Slashdot Mirror
U.S. Plans to Tighten Nuclear Power Plant Security
CDMA_Demo writes "The 103 nuclear reactors running in USA can voluntarily agree to follow a new 15 page update to a 1996 regulatory guide. The update notes possibility of "unauthorized, undesirable, and unsafe intrusions", and recommends measures aginst such activities. It also recommends such facilities to be cut off from external networks: "Remote access...[that may pose a potential security risk]...should not be implemented". The Slammer worm in 2001 managed to bring down the network at Ohio's David-Besse nuclear plant and concerns kept growing at the United Nations' International Atomic Energy Agency (IAEA)."
You know you got owned when someone cracked your power plant and the fuel rods spell "owned" in binary.
Roses are red
Violets are blue
In Soviet Russia
Poems write you!
The fact that it's voluntary makes me a bit nervous. The fact that the suppliment was this long in coming makes me even more nervous.
MakePassword.com Mp3 Blog
This, the week after a similar weakness* is shown on 24?
Remember to always question policy this way: WWJBD? What Would Jack Bauer Do?
That is all.
* Yes I know, it's TV.
Small potatoes make the steak look bigger.
That MAYBE, they would've done this, oh I don't know, say in October of 2001?
But silly me, what do I know about national security. Here I still think it's better to make less enemies than more.
To fight the war on terror, stop being afraid.
That would be common sense, wouldn't it? I'm not trained in network security, but why would controll systems need to be connected to the 'net?
PS: I'm ignoring the obvious "Why are you running Windows and not some ultra-hard OpenBSD or RTOS or something".
Comment forecast: Bits of genius surrounded by a sea of mediocrity.
You can't say nuclear That really scares me Sometimes a brain can Come in quite handy.
Please google for the string "dirty bomb".
To fight the war on terror, stop being afraid.
What follows is the transcript of a conversation that took place between a top US defense official and his wife after watching this week's episode of Fox's popular drama 24.
Wife: It's a good thing the real nuclear power plants don't allow remote access! Man what fanciful terror alert situation will those 24 writers think of next?
Official: Uh...
The guy with his finger on the nukyalur button can't even say "nuclear". Think about that one before bed tonight.
To fight the war on terror, stop being afraid.
The Slammer worm in 2001 managed to bring down the network at Ohio's David-Besse nuclear plant and concerns kept growing at the United Nations' International Atomic Energy Agency (IAEA).
Umm, why the hell would a self-contained/self-sustaining system need to be connected to an external network in the first place?
Sorry, you work at a Nuclear Power Plant? Check your frelling AOL/Yahoo/Hotmail e-mail on your own damn computer, on your own damn time.
"My God...It's full of ads!" -Fry, about the Internet, Futurama
I once was able to tour the nuclear power plant in Charlevoix, MI, before they decommissioned. I was a little fella at the time.
Looks like that kind of educational oppertunity won't be happening as frequently, now. IIRC, that was the first tour they'd given since the plant was opened. That gives you a sense of perspective as to how common such oppertunities are.
Though other plants may perhaps hold more frequent tours, I doubt few outsiders will get to see the turbines and dynamos of an operational plant.
tasks(723) drafts(105) languages(484) examples(29106)
- Revamp the rail network; it's currently in a state where it can't service the whole country.
- Electrify the entire rail network.
- Electrify city streets in New York, Chicago, San Francisco, etc. (in the form of overhead power lines).
- Replace all the diesel/petrol burning trucks with trains (for inter-city transport) or electric trucks (for intra-city transport).
- Replace all private cars with electric cars.
- Introduce a large-scale repair crew for when the lines inevitably break for whatever reason.
Then there's air transport. I can't see 747s being powered by electricity any time soon. And as for non transport needs, what about plastics? Fertiliser? Chemicals in general?And once you've done all this -- how much did it cost you? How much will the electricity generation (which has just gone up an order of magnitude, most likely) cost? How will you store all the waste? (A lot of that last point can be taken care of with reprocessing.) And finally: how will you get over the politic hurdle of the populace's perception that "nuclear == bad"?
Probably the best bet for nuclear power would be fusion, and that's a fair way off yet before it's practical (if it ever is!)
I guess he won't be able to work from home in his muumuu.
Comment removed based on user account deletion
Why the heck are they running windows on nuclear power plants! "I just got the Blue Screen of Death." "Well, there went Texas!"
My home state of Maine became the site of the first complete decomissioning of a large commercial reactor. The plant became operational in '72 ( and it had to survive a referendum to close it in '80, '82, and '87). In '95 it was shutdown many months for repairs and they discovered cracks in the steam generator tubes. The plant opened back up for less than a year I believe, they evaluated the cost to refit the plant and they decided they would have a hard time making back the investment in refitting the plant, so they shut it down permanently. They had originally intended to operate the plant at least until 2020 or 2030. Part of the huge cost was the fact that they need to store the waste onsite. Now all that is left of the plant is a semi-permanent high-level waste storage facility on a few acre footprint. Several hundred acres of the plants land are already being developed on. Several hundred more are a peninsula where the waste storage is located and the gated access make it less attractive for commercial development.
Bush wants to have a new reactor running in the US in the next 10 years. This will be the first approved since '79 and the first to come online since the mid 90's.
Increased Security at Nuclear Power Plants is all well and good but I for one would like to see increased security in the following areas as well or instead
1) All US international shipping ports: plenty of room for trouble there (the Sum of All Fears, anyone?)
2) Water/Sewage treatment plants: one of the best ways to spread pathogens (or scare a whole lot or ppl)
3) Major Power line junctions to help prevent another power outage like the one we had thew hit most of the Northeast in 2003 (thanks, Ohio!)
4) the Coast Guard.
Nukes catch poeple's attention and imagination, but there's penty of room for trouble elsewhere that is just as potentially damadging.
my 2 cents.
uR iGn0ranc3, Their Power
I was just watching a 24 hour news update, and apparently the internet boradcast of the execution of a US Secretary Heller was a coverup for an attack on a US nuclear base firewall.
This all in an attempt to use a remote control system developed for nuclear installations in case of a radiation leak or disaster.
It's no suprise... not like there wasn't a nuke detonated in the desert all those years ago. About time they wake up.
There's nothing Intelligent about Intelligent Design.
In a lot of cases, people don't mind a nuke power plant - as long as it's (all together now) Not In My Back Yard. I worked for a company that did nuclear dosimetry, and was in and out of power plants all over the country; believe me, they are very physically secure.
Most of Californicate's troubles with insufficient energy is that almost nobody in the state is willing to be anywhere near ANY kind of power plant, nuke or not. So the plants get built elsewhere, and Calif. pays premium rates to import it (when they can get it). Dumbasses.
FYI, the state of Texas is effectively isolated from the grid the rest of the country uses - they generate enough power for "internal" usage, and that's pretty much it. Take a look at a power distribution map some time, you'll see.--- Asking inconvenient questions for over 30 years...
Nuclear powerplant meltdown after lexus drive-by bluetooth infection.
Privacy is terrorism.
So despite all this potential for generating more than enough energy for decades to come... why bother resorting to all kind of foreign policy antics to obtain the tradional heavily polluting energy sources ?
Money. There are heavily entrenched interests in the US in coal and oil, and they happen to be running the country (into the ground, I'll add.) Their freshman level understanding of Adam Smith leads them to believe that they are doing society a good by pursuing their selfish interests, namely advancing the wealth of the dirty industries with which they are so entwined.
It's not that they are pro- or anti-nuclear, it's just that nuclear doesn't fit in to their schemes, and go largely (though not wholly) ignored.
This Man has been fired...
---
Book(n): Utensil used to pass time while waiting for the TV repairman
My uncle is a security guard at a nuclear power plant. He is 59 years old and his occupation before nuclear powerlant security guard was truck driver. He is the most honest and trusworthy man you will ever meet, but he is 59 years old and had a triple bypass last year.
Delta Force operators come on an occasional announced, i.e. they know they're coming, basis to try to infiltrate. Supposedly they have succeeded every time.
I even worked in IT. Here is how it works (at least at the one I worked at): all of the software that actually runs the plant is over 25 years old (and therefore does not run Windows). It runs some obscure custom shit, not that obscurity is efficient at security, but I guess it kinda helps. Yes, the computers used by the Secretaries, the Maintenance staff, the Managers, etc. all run Windows. The servers ran Red Had 7.3. This is all fluff. If this breaks or gets corrupted one of two things happens to the reactor: 1. Nothing or 2. Nothing. There are two ways the the system is electrically connected to the outside world, and both of them are through high voltage power lines, which cannot really be used to send data in to break things. If you want to break something, you need to physically be there to do it.
If you work in a nuclear power plant, you are going to continue to do everything you can think of to make it even harder for someone to sabotage the place. Physically, this includes multiple walls, gates, barricades, guns, and more to protect the containments. From a procedural standpoint, this means anyone who wants to get on-site gets ran through a database to check your history, after getting an employee escort. Anyone who wants to get into the protected area gets personally approved after a more in depth background check, and a heck of a lot of red tape.
If you are just Joe Public (no offense), you have a much higher chance of dying in a car accident so I wouldn't worry about this.
And No, I didn't RTFA, but I figured as long as my comment was more useful than the rest of them (read: references to 24), I figured this comment would be helpful.
This is anecdotal, but minorly noteworthy - My mom used to work for the company that owned and operated Three Mile Island - the (physical) security was intense: the perimeter was ringed by towers manned by security offers with rifles and a 'no warning shot' policy - you approached the perimeter from an undesignated direction and you got shot, period.
I still have one of the security force's hats, says "TMI Rapid Response Team" and has a crosshairs in the middle.
Triv
Is that a fuel rod in your pocket or are you just happy to see me?
The Main Plant Computer System at my nuke plant doesn't actually do anything but monitor system parameters. It cannot cause the plant to do anything. It's very handy, but not vital to safety at all. I'd imagine other plants are set up the same.
Solid state logic systems do run the safety systems, but there's no way to interface with them besides the physical controls that are directly connected to them.
Alcohol, Tobacco and Firearms should be the name of a store, not a government agency.
But they are. You need to read the fine Security Focus article again, but I'll quote the worst parts for you.
The T1 line, investigators later found, was one of multiple ingresses into Davis-Besse's business network ... From the business network, the worm [slammer] spread to the plant network, where it found purchase in at least one unpatched Windows server. ... Users noticed slow performance on Davis-Besse's business network at 9:00 a.m. ... At 4:50 p.m., the congestion created by the worm's scanning crashed the plant's computerized display panel, called the Safety Parameter Display System. An SPDS monitors the most crucial safety indicators at a plant, like coolant systems, core temperature sensors, and external radiation sensors. Many of those continue to require careful monitoring even while a plant is offline, ... At 5:13 p.m. ... the "Plant Process Computer" crashed. Both systems had redundant analog backups that were unaffected by the worm, but, "The unavailability of the SPDS and the PPC was burdensome on the operators," notes the March advisory.
That's not a headline, that's a detailed technical report.
Having worked at a plant, I can say that the picture is accurate. Winblows servers have snuck into plant networks and they are awful pieces of shit that have no place there. While they are not in direct control, they can cause trouble if you depend on them to make decisions. A box that blows your network can cause even more problems because it blinds you to what might be critical information and communications. A back up you are not staffed to use is not a backup.
It's not just power plants and operators at risk. Winblows born network congestion is also implicated in the huge 2003 power outage that killed people. When hospitals, home medical equipment, EMS, stoplights, and other things we take for granted lose power, people die.
Friends don't help friends install M$ junk.
1. Terrorists storm a reactor and try to steal uranium or plutonium to make bombs.
Not likely. Assuming attackers could shoot their way past the beefed-up phalanx of armed guards, traffic barriers and guard towers that now surround every nuclear plant, they'd still have to fight their way into the reactor building through multiple levels of remote-activated blast doors--where access requires the right key card and palm print--to get to the spent-fuel pond, says Michael Wallace, president of Constellation Energy's generation group, which operates five nuclear reactors. The pond is where highly radioactive used fuel sits in 14-foot-long stainless steel assemblies cooling under 40 feet of water. Terrorists couldn't just grab this stuff and run because, unshielded, it gives off a lethal dose of radiation in less than a minute. To avoid exposure, terrorists would have to force workers to use a giant crane inside the reactor to load the assemblies into huge transfer casks, then open the mammoth doors of the reactor building and use another crane to lift the cask onto a waiting truck--all the while being shot at by the National Guard.
And While we are at it, How about crashing a plane into the reactor?
2. Terrorists crash a plane into a reactor, leading to overheating and a meltdown.
Even less likely. Assume that terrorists could get past tightened airport security and fight off passengers to get through new, improved cockpit doors and take control of a plane. Even then they'd have to crash the jet directly into a reactor to have any chance of breaking containment. In 2002 the Electric Power Research Institute performed a $1 million computer simulation to assess such a risk. Conclusion: A direct hit from a 450,000-pound Boeing 767 flying low to the ground at 350mph would ruin a plant's ability to make electricity but not break the reactor's cement shield. Reason: A reactor, smaller in profile than the Pentagon or World Trade Center, would not absorb the full force of the plane's impact. And, for all the force behind it, a plane, built of aluminum and titanium, has far less mass than the 20-foot-thick steel-and-concrete sarcophagus enclosing a nuclear reactor. It would be like dropping a watermelon on a fire hydrant from 100 feet.
Subscription required: Stopping the Bad Guys