Message Font: Serif | Sans-Serif
 
No. of Recommendations: 4
Jan 16 (Reuters) - A computer virus attacked a turbine control system at a U.S. power company last fall when a technician unknowingly inserted an infected USB computer drive into the network, keeping a plant off line for three weeks, according to a report posted on a U.S. government website.

The Department of Homeland Security report did not identify the plant but said criminal software, which is used to conduct financial crimes such as identity theft, was behind the incident.

It was introduced by an employee of a third-party contractor that does business with the utility, according to the agency.

DHS reported the incident, which occurred in October, along with a second involving a more sophisticated virus, on its website as cyber experts gather at a high-profile security conference in Miami known as S4 to review emerging threats against power plants, water utilities and other parts of the critical infrastructure.

<snip>

http://www.reuters.com/article/2013/01/16/cybersecurity-powe...
Print the post Back To Top
No. of Recommendations: 0
DHS reported the incident, which occurred in October, along with a second involving a more sophisticated virus, on its website as cyber experts gather at a high-profile security conference in Miami known as S4 to review emerging threats against power plants, water utilities and other parts of the critical infrastructure.

=========================================================

Nuclear power plants are vulnerable in this area also.

Cheers,
jaagu
Print the post Back To Top
No. of Recommendations: 7
Nuclear power plants are vulnerable in this area also.
Cheers,
jaagu

------------------------------------------------------------

There you go again, spreading innuendo and doubt about nuclear power. The power plants have very strict regulations regarding computer security and how the plant's digital control systems are allowed to communicate with the outside world. You have no proof of any specific deficiency that makes the plants "vulnerable".

If anyone is interested, the following link provides some information on US nuclear power plant computer security.

http://www.nrc.gov/about-nrc/regulatory/research/digital/key...

- Pete
Print the post Back To Top
No. of Recommendations: 1
There you go again, spreading innuendo and doubt about nuclear power.

======================================

NRC says:

"The purpose of cyber security is to detect and then eliminate or mitigate vulnerabilities in the digital system that could be exploited either from outside or inside of the digital system protected area. The process of defending against this class of failures is made more challenging by the rapidly evolving "industry" that continues developing new attack methods. Various individuals and undocumented organizations develop viruses, worms, and associated computer programs. Others concentrate on developing methods for gaining access to protected data and systems with the intent to disrupt system operations or illegally obtain information from the systems."

-----------------

The facts are:

"America's power, water, and nuclear systems are increasingly being targeted by cybercriminals seeking to gain access to some of the nation's most critical infrastructure."

"Hackers hit the bulls-eye on "several" of their nuclear targets: "These organizations reported that their enterprise networks were compromised and in some cases, exfiltration of data occurred," the DHS team wrote. It said that it is not aware of any successful breaches of nuclear control networks."

http://money.cnn.com/2013/01/09/technology/security/infrastr...

Keeping your head in the sand does not make nuclear power safer. Acknowledging the problems can make nuclear power safer.

Cheers,
jaagu
Print the post Back To Top
No. of Recommendations: 13
"Keeping your head in the sand does not make nuclear power safer. Acknowledging the problems can make nuclear power safer."

That's all true, but no one said that it isn't being acknowledged. Your comments would get a better reception if:

1. You didn't make a habit of finding any excuse or thread to bash nuclear. It makes the fair points stand out so much less.

2. You didn't toss out undocumented assertions yourself while demanding proof of every statement that others make.

The amusing part is that your link bears out the point that you intended to refute as much as it shows your own point: Note that, despite repeated attacks, no nuclear controls network has been breached. That isn't blind luck or the result of heads inserted into sand, btw, it is due to much hard work and strict protocols.
Print the post Back To Top
No. of Recommendations: 0
That isn't blind luck or the result of heads inserted into sand, btw, it is due to much hard work and strict protocols.

=================

My statement was that nuclear power plants are vulnerable in this area. Pete says: "There you go again, spreading innuendo and doubt about nuclear power"

So why not go after Pete for dismissing the real concern?

I did not say the nuclear industry as a whole is all heads in the sand - just Pete with his dismissal of the concern.

I bash nuclear where bashing is due. Can you point to any of my bashing that is not warranted?
Print the post Back To Top
No. of Recommendations: 16
"I bash nuclear where bashing is due. Can you point to any of my bashing that is not warranted?"

How about the example of jumping into a discussion about power plants cybersecurity, in general, to single out nuclear power specifically? You yourself later posted a link noting that nuclear operations have never, even once, been compromised. So why, other than a desire to bash, would you throw the word nuclear into the conversation? That kind of attitude fosters the dismissive tone in those who respond. You don't like nuclear; we get it. When you look at each thread as a new opportunity to work in a swipe at nuclear, though, people stop paying attention.

I have to wonder if you are an inspector or an environmental lawyer. Both of those trades share certain traits and run the same risk. They are great at bringing up problems but generally aren't tasked with solving them. This leads to two problems. First, there is the game of coming up with some unlikely scenario and asking the other party to prove that it isn't a problem. There is no end to that game because there is no end to possible scenarios. The other challenge is keeping a sense of perspective. Both professions risk losing the attention of the people that they seek to protect by bringing up so many minor issues and inflating them out of a sense of scale that the important stuff gets lost. That task is really, really hard, because many of the same behaviors that create minor problems also create major problems, but punishing too many small problems creates a sense of fatigue.
Print the post Back To Top
No. of Recommendations: 1
I have to wonder if you are an inspector or an environmental lawyer.

======================

LOL!

Your ignorance shows. I am a retired nuclear engineering manager with over 35 years of experience in designing, licensing, constructing and operating nuclear power plants and nuclear fuel cycle facilities.

I am an expert in nuclear power and I know about the short comings of nuclear power plants. And cyber security is an issue at nuclear power plants and nuclear fuel cycle facilities even if Pete dismisses everything negative about nuclear power. I guess you never heard of Stuxnet.

What are your nuclear qualifications?

Cheers,
jaagu
Print the post Back To Top
No. of Recommendations: 3
Nuclear power plants are vulnerable in this area also.

But so are any other types of power plants.

Just imagine a solar thermal plant taken over by the Lex Luther virus...when a plane flies overhead all the mirrors focus on the plane and melt it out of the sky.

How can we allow these plants to be built without knowing their exact defense against such a plan?

Mike
Print the post Back To Top
No. of Recommendations: 3
Just imagine a solar thermal plant taken over by the Lex Luther virus...when a plane flies overhead all the mirrors focus on the plane and melt it out of the sky.
How can we allow these plants to be built without knowing their exact defense against such a plan?
Mike

----------------------------------------------------------

I understand you are being quite sarcastic, but the US military has actually expressed concerns about a new concentrating solar power facility being built in the California desert. The planes operating in the Fort Irwin training range could have their heat-seeking missiles confused by the hot central tower.

http://articles.latimes.com/2012/jun/21/local/la-me-solar-he...

Maj. John G. Garza, who represents the Pentagon on a California renewable energy planning group, said potential conflicts with solar plants in the desert are not yet fully understood.
One worrisome possibility?
"The solar tower would be a heat source," Garza said. "A heat-seeking missile could confuse the source, and instead of going to a target on the range, it would go to the tower."
A buffer zone between artillery ranges and solar installations could guard against that scenario. But Garza said no one yet knows how much space would be required.

-------------------------------------------------------

There is also the problem of "flash blindness", when planes in the area get in just the right spot to be illuminated by the mirrors. Birds in the area will probably also be adversely affected.

From the article:
About 30 years ago, ornithologist Robert McKernan and a colleague conducted studies at the Solar One plant near Barstow. By collecting and analyzing bird carcasses, they found that some birds flying through the solar field were incinerated outright. Others perished after their feathers were singed or burned off, or when they collided with the mirror structures or the central tower.

Incinerated outright? If it was a nuclear power plant doing that, the environmentalists would never find that acceptable.

- Pete
Print the post Back To Top
No. of Recommendations: 3
I understand you are being quite sarcastic,

Yes, but wouldn't a plane being melted out of the sky instantly kill more people than a typical reactor meltdown?

Mike
Print the post Back To Top
No. of Recommendations: 2
Yes, but wouldn't a plane being melted out of the sky instantly kill more people than a typical reactor meltdown?

Mike



I know a fair bit about airplanes and according to our Troll nothing about nuclear power so I handed the bolded part to my buddy Google and this was the first article returned.



http://www.nytimes.com/2011/07/30/science/earth/30radiation....

N.R.C. Lowers Estimate of How Many Would Die in Meltdown

By MATTHEW L. WALD
Published: July 29, 2011

ROCKVILLE, Md. — The Nuclear Regulatory Commission is approaching completion of an ambitious study that concludes that a meltdown at a typical American reactor would lead to far fewer deaths than previously assumed.

...

The report is a synthesis of 20 years of computer studies and engineering analyses, stated in complex mathematical terms. In essence, it states that if a prolonged loss of electric power caused a typical American reactor core to melt down, the great bulk of the radioactive material released would remain inside the building even when the reactor’s containment shell was breached.

...

One person in every 4,348 living within 10 miles would be expected to develop a “latent cancer” as a result of radiation exposure, compared with one in 167 in previous estimates.

“Accidents progress more slowly, in some cases much more slowly, than previously assumed,” ...

...

It concluded that Peach Bottom would not release enough radioactive material to kill anyone immediately, although it could increase the rate of cancer deaths over future decades. At Surry, the probability was so low and the number of people living within 10 miles so small that the death toll would be a fraction of a person.


Meanwhile this fellow had the type of fire that a battery fire would probably cause. Everyone died when the aircraft hit the water at high speed. This is pretty close to my home though I was living in Germany at the time.


Tim

http://en.wikipedia.org/wiki/Swissair_Flight_111

The aircraft disintegrated on impact,[10] killing all on board instantly.[11] The crash location was approximately

44°24'33?N 63°58'25?WCoordinates: 44°24'33?N 63°58'25?W, with 300 metres' uncertainty.[12]
Print the post Back To Top
No. of Recommendations: 1
I know a fair bit about airplanes and according to our Troll nothing about nuclear power so I handed the bolded part to my buddy Google and this was the first article returned.

=====================================

Troll Tim again shows he knows little about severe nuclear accidents when he ignores the devastation, suffering, human displacement and cleanup costs of a nuclear melt down and only looks at the number of immediate deaths. He also does not know that the NRC had many non-conservative assumptions in their analysis.

Troll Tim thinks its OK for the devastation, suffering, human displacement and the cost of cleanup at Three Mile Island, Chernobyl and Fukushima.

Troll Tim seems to think an airplane crash is worse than a nuclear meltdown. Obviously he is a micro-thinker. He can not see the macro impact of the nuclear accident.

Troll Tim needs to go back to high school - he obviously never finished high school.
Print the post Back To Top
No. of Recommendations: 2
"LOL! Your ignorance shows. I am a retired nuclear engineering manager with over 35 years of experience..."

So, everyone on this board is ignorant to the point of making you LOL if they don't know you and the details or your 35-year career? Seriously? I don't have the expectation or desire for that kind of personal detail.

"And cyber security is an issue at nuclear power plants and nuclear fuel cycle facilities even if Pete dismisses everything negative about nuclear power. I guess you never heard of Stuxnet."

Well, again I have to point out that hyperbole is not required every time someone tries to avoid having a thread steered to the perils of nuclear power. So now poor Pete dismisses EVERYTHING negative and I have never sadly heard of Stuxnet. Unfortunate for us all.

I am honestly sorry to hear that you had to spend 35 years in an industry against which you bear such ill-will. I can only image the suffering that you and those around you bore in the last few years. I can assure you, however, that trolling message boards bashing nuclear won't atone for your perceived nuclear sins. You might, however, get some goodwill from appearing as a whistle-blower at a Congressional hearing or perhaps on 60 Minutes. Maybe you could look into getting a job in alternative energy. I don't know what kind of engineering you were in (maybe another reason for you to LOL at my ignorance) but I do see many opportunities for civil engineers to do layout and foundation designs for wind installations worldwide. Maybe some kind of megawatt-renewable-for-megawatt-nuclear project completion atonement would work out for you. The hours required to do engineering for a wind installation are very low compared to nuclear, so you would have a good chance of catching up within your lifetime. I guess something about the repurcussions of a windmill blowing in a farmer's field in North Dakota over compared to a nuclear reactor blowing over outside of Los Angeles lead to a differential permitting threshold. To be clear, I am not arguing that point.
Print the post Back To Top
No. of Recommendations: 2
"LOL! Your ignorance shows. I am a retired nuclear engineering manager with over 35 years of experience..."


Not following the compete thread as it appears to be way of track but the above quote clearly indicates a one sided opinion Which usually is 100% off track and biased.

IKan, not accept the crap.

Have a great day!
Print the post Back To Top
No. of Recommendations: 0
IKan, not accept the crap.

Have a great day!


Yeah I'm out to, even when I have the little jerk on ignore I end up being part of the audience.
Print the post Back To Top
No. of Recommendations: 1
So, everyone on this board is ignorant to the point of making you LOL if they don't know you and the details or your 35-year career? Seriously? I don't have the expectation or desire for that kind of personal detail.

Then why did you start by insinuating that I am an inspector or an environmental lawyer and use hyperbole to describe those professions in the worst possible manner?

Instead of wasting your effort on bogus descriptions of inspectors and environmental lawyers, you could come out straight and ask me what my qualifications for bashing nuclear power. But instead you wanted to make up a bogus story. That is why I called you ignorant, and contrary to your statement I did not call everyone on this board ignorant. Maybe I should have called you devious and malicious instead.

Since you have never heard of Stuxnet: It is a highly sophisticated computer worm that has been used to cyber attack Iranian nuclear facilities. Do not be sad any longer about not knowing because here is a website where you can read about it.

http://en.wikipedia.org/wiki/Stuxnet

As this thread was about cyber attacks, you could have added to the technical discussion instead of being the den mother on what I can or can not say. You are getting into the same habit as that big jerk Tim who goes around telling me what I can or can not say - but not adding a morsel to the topic under discussion.

And lastly, I do not know why you are so interested in my finding a job. You say above you are not interested in personal detail, but here you are giving me detailed advice. I am in my 70s and had a long successful career in engineering. I am financially secure. I retired at my pleasure, and if I wanted – I could call Bechtel and get a job immediately because of my qualifications and experience even at my age. Bechtel was not happy to see me retire in 2005. I managed teams of multi-discipline engineers numbering between 50 and 300 on many nuclear projects. So I am well versed in all of the disciplines of engineering besides my early training in mechanical and nuclear engineering. In between nuclear projects, I also worked total of 5 years on military facilities, space launch complex facilities and chemical waste cleanup facilities for Bechtel.

Contrary to your assumptions, I have no ill will against the nuclear industry – just some areas of the nuclear industry need bashing on some of their behaviors and deceptions. If you think nuclear industry is upright and clean as a whistle, then we can say the same about the oil and coal industry.

You never did tell me your nuclear qualifications or any other engineering qualifications. Does your handle really mean you are an engineer?
Print the post Back To Top
No. of Recommendations: 2
EngineerPaul wrote:

How about the example of jumping into a discussion about power plants cybersecurity, in general, to single out nuclear power specifically? You yourself later posted a link noting that nuclear operations have never, even once, been compromised. So why, other than a desire to bash, would you throw the word nuclear into the conversation? That kind of attitude fosters the dismissive tone in those who respond. You don't like nuclear; we get it. When you look at each thread as a new opportunity to work in a swipe at nuclear, though, people stop paying attention.

===========================

EngineerPaul,

It is time for your nuclear power and cyber security lesson.

Cyber security of power plants and the electrical grid are inter-related. Any type of major electrical power generation whether it is coal, natural gas or nuclear is vulnerable to cyber attacks directly or indirectly. For example, a cyber attack on one or more of these fossil power generators can bring down a large section of the electrical power grid.

“The government and electric industry official estimated that simultaneous cyber-attacks carried out on key power generating facilities could extinguish power over huge geographic areas for many months. The economic cost would be tremendous. An economist projected that if one-third of the U.S. had no power for three months, the national economy would suffer by at least $700 billion.”

http://www.safetyissues.com/site/cyber_crime/power_plants_vu...

If the grid goes down to which a nuclear power plant are connected, then the nuclear power plant loses all connections to the grid. The nuclear power plant is then in what is called a LOOP (loss of offsite power) condition, and the plant automatically trips and must immediately start emergency procedures to shutdown and cool down the nuclear power plant. This LOOP condition requires emergency diesel generators to start automatically and supply AC power to the decay heat removal systems and the shutdown cooling systems. This is not a desirable condition for the nuclear power plant and must be reported to the NRC quickly.

The fact that NRC and Department of Homeland Security have not published any actual cyber attacks on nuclear power plants has many possible explanations:

1. They do not share with the public any nuclear power plant security details they do not want these details falling into the hands of terrorists
2. They do not want to scare the public or give terrorists any information about cyber attacks that may have occurred
3. The cyber attacks did not cause enough damage to become a public incident

There are many articles that have reported concerns with cyber attacks on nuclear power plants:

The threat to digital systems at the country's nuclear power plants is considerable, but the sector is better prepared to defend against potentially devastating cyber attacks than most other utilities, according to government and industry officials and experts ...

Cyber attacks have been an increasing source of concern in recent years but the threat was highlighted last month by the first discovery of malicious code, called a worm, specifically formulated to target the systems that direct the inner operations of industrial plants. To date the malware is thought to have infected more than 15,000 computers worldwide, mostly in Iran, Indonesia and India.

The issue is critically important for new nuclear power facilities that would be built in the United States and throughout the world as control rooms would employ digital systems to operate the plants. Those state-of-the-art instruments and systems make them targets for hackers.
A U.S. Nuclear Regulatory Commission spokeswoman declined to say whether there have been any cyber strikes against the nation's nuclear power sector. Security events, including a computer-based attack at an energy facility, would be "sensitive information" and therefore not released to the public, she said.

http://www.nti.org/gsn/article/nations-nuclear-power-plants-...

“Nuclear power and other facilities … saw six reported incidents last year compared with 10 in 2011, the ICS-CERT report found.”

http://www.csmonitor.com/Environment/Energy-Voices/2013/0107...

So in conclusion, you were totally off base to say that my posts were picking on nuclear power. The fact is that nuclear power plant cyber security is of utmost importance because it is constantly under threat from new cyber attacks. End of nuclear power and cyber security lesson!

Cheers,
jaagu
Print the post Back To Top
No. of Recommendations: 1
"Then why did you start by insinuating that I am an inspector or an environmental lawyer and use hyperbole to describe those professions in the worst possible manner?"

I cross paths with both manner of professionals from time to time, and I don't think I described them in the worst possible manner. Many of the good ones will admit to struggling with the issues I noted. IMO, inspectors have the hardest job. If they start letting small things slip, it gets out of control fast. If they hammer people over every mis-dotted i and mis-crossed t, they get painted as obstructionist and can get marginalized, which also leads to things being getting out of control. I have a lot of respect for the inspector who can walk that line.

"And lastly, I do not know why you are so interested in my finding a job. You say above you are not interested in personal detail, but here you are giving me detailed advice."

You seem upset about the industry. Message boards are not a very productive way to take that out. There are better ways, particularly for someone of your apparently strong qualifications.

"Does your handle really mean you are an engineer?"

Yep.
Print the post Back To Top
No. of Recommendations: 3
I don't understand why people think that nuclear power plants...and power plants of any and all type are so vulnerable to cyber attacks.

First, if we go back a few decades when most of these plants were built there was no Internet (as we know it today) and the plants were built and operated just fine.

Second, if we go back to 1998-1999 "experts" warned us about the y2k bug and how all of the power plants connected to the grid were overly dependent on computers and everything was going to shutdown as the clock ticked midnight, etc. Nothing happened. Either there was no (nonsensical) logic that compared MW being produced with the wall clock...or all the date logic was OK.

I've always wondered why it is that people assume that because there is a computer that is controlling something in a power plant...that the same computer is sitting there with operators doing Google searches and the like and vulnerable to random cyber attacks.

Mike
Print the post Back To Top
No. of Recommendations: 1
"I've always wondered why it is that people assume that because there is a computer that is controlling something in a power plant...that the same computer is sitting there with operators doing Google searches and the like and vulnerable to random cyber attacks."

Maybe the key word in your sentence is "random" attacks. It is much harder to attack a well-protected computer, particularly one that is isolated from the internet. It is not, however, impossible, if the attack is a well-planned operation on the part of a well-funded group with a long timeline.
Print the post Back To Top