Software Update Shuts Down Nuclear Power Plant
Garabito writes "Hatch Nuclear Power Plant near Baxley, Georgia was forced into a 48-hour emergency shutdown when a computer on the plant's business network was rebooted after an engineer installed a software update. The Washington Post reports, 'The computer in question was used to monitor chemical and diagnostic data from one of the facility's primary control systems, and the software update was designed to synchronize data on both systems. According to a report filed with the Nuclear Regulatory Commission, when the updated computer rebooted, it reset the data on the control system, causing safety systems to errantly interpret the lack of data as a drop in water reservoirs that cool the plant's radioactive nuclear fuel rods. As a result, automated safety systems at the plant triggered a shutdown.' Personally, I don't think letting devices on a critical control system accept data values from the business network is a good idea."
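An added illustration, written for this page and not taken from the article, the NRC report, or any plant's actual software: the summary describes safety logic that read "no data" as "low water level". The snippet below models that failure mode in constructed Python and sets it beside a comparator that keeps "invalid reading" as a state of its own, so a trip caused by missing data is reported as such rather than as a level excursion. The threshold, the quality-flag names, the 30-second hold window and the reading sequence are all assumptions made for the example.

```python
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed values for the example; they are not the plant's settings.
LOW_LEVEL_TRIP = 60.0      # percent of reservoir span below which we trip
MAX_STALE_SECONDS = 30.0   # how long a missing reading may be carried on last-good


@dataclass
class Reading:
    value: Optional[float]  # None models the reset/blank data the report describes
    quality: str            # "good" or "bad" (assumed OPC-style quality flag)
    timestamp: float        # seconds


def naive_level_trip(reading: Reading) -> bool:
    """The failure mode: a missing value is coerced to 0.0, which is
    indistinguishable from an empty reservoir, so the logic trips."""
    level = reading.value if reading.value is not None else 0.0
    return level < LOW_LEVEL_TRIP


class LevelInterlock:
    """Comparator that treats data validity separately from data value."""

    def __init__(self) -> None:
        self.last_good: Optional[Tuple[float, float]] = None  # (value, timestamp)

    def evaluate(self, reading: Reading, now: float) -> str:
        # Valid reading: compare the value and remember it.
        if reading.quality == "good" and reading.value is not None:
            self.last_good = (reading.value, reading.timestamp)
            return "trip_low_level" if reading.value < LOW_LEVEL_TRIP else "run"
        # Invalid/missing reading: never compare it as a number.
        if self.last_good is not None and now - self.last_good[1] <= MAX_STALE_SECONDS:
            return "hold_invalid"   # carry last good value, raise a data-quality alarm
        # No trustworthy level for too long: still fail safe, but say why.
        return "trip_no_data"


# Constructed sequence: good data, then the monitoring computer reboots and
# the shared data is blanked, then data returns.
SAMPLE_READINGS: List[Reading] = [
    Reading(82.0, "good", 0.0),
    Reading(81.5, "good", 10.0),
    Reading(None, "bad", 20.0),   # reboot: data reset
    Reading(None, "bad", 30.0),
    Reading(None, "bad", 50.0),   # past the hold window
    Reading(81.0, "good", 60.0),
]


def simulate(readings: List[Reading]) -> List[Tuple[float, bool, str]]:
    """Run both comparators over the sequence; returns (t, naive_trip, interlock_state)."""
    interlock = LevelInterlock()
    return [(r.timestamp, naive_level_trip(r), interlock.evaluate(r, r.timestamp))
            for r in readings]


if __name__ == "__main__":
    for t, naive, state in simulate(SAMPLE_READINGS):
        print(f"t={t:5.1f}s  naive_trip={naive!s:5}  interlock={state}")
```

Whether a plant should ultimately trip on a sustained loss of level data is a fail-safe design decision, and tripping is a defensible answer; the point of the example is only that "no reading" and "low reading" must never collapse into the same number, and that the recorded trip cause should name which one occurred.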
Critical Updates are ready to be installed on your nuclear reactor. You must restart to complete them.
That's what you get for using Microsoft.
I for one welcome our new radioactive overlords.
Press hot grits to continue.
In Soviet Russia, reactor reboots you.
Yes, but does the reactor run Linux?
1) Break crucial system on reactor with update
2) Sell real update
3) Profit!
http://blindscribblings.com - Tasty pop-culture in conceptual fashion.
Does this actually mean that every system that affects operations in the plant _doesn't_ have a duplicate system running identical software acting as a shadow/backup? This would seem like a very basic level of system protection to have in a Nuclear Power Plant... If they had maintained such a system they would have loaded the new update onto the backup servers (which would be identical in every possible way to the mains), the system would have "broken" as it did here, and they would be able to keep operating while they figured out the problem.
Also, before you make the argument "but what if the update is critical?" - it's a Nuclear Power Plant! If any sort of update can be classified as so very urgent they couldn't put it off a couple days then I'd say we have bigger problems.
Patch Tuesday?
--
[Insert signature here]
The business computers should not be connected to the control network. What a crap design. It's as bad as me updating my laptop and having to ask Google to reboot their servers.
Engineering is the art of compromise.
Hey! All I have to type is Y. (To Marge) Hey, Miss Doesn't-find-me-attractive-sexually-anymore: I just tripled my productivity!
Developers: We can use your help.
The thing I'm a bit puzzled about. . . if this system has data which is so important that the whole plant must be SHUT DOWN for two days if it fails, then why aren't there *at least* TWO of them (I'd say there's a good argument for 3 or 4, but. . .)? That way, you can take one out of the loop for updates, verify the update didn't hose your data, sync the data from the 'live' system, then put it online, take the other one offline, and complete the update on it.
If I were the power co owning this plant, I'd be ticked if the plant was dark for 2 days. With the price of energy these days, and the amount of energy a single Nuclear plant can generate, you're talking some real serious cash when the thing is down for 2 days. Especially if I have to look forward to the same thing happening again, potentially every time our systems need updating (not that it necessarily would happen every time, I would sure hope it wouldn't, but with only one system, every update is a potential for the whole plant to go down for some period of time).
That's my point. I don't want a reactor with ANY flaws. No matter how safe its default shutdown thresholds are.