[infowar.de] Slammer worm crashed Ohio nuke plant net...
Infowar.de, http://userpage.fu-berlin.de/~bendrath/liste.html
-------------------------------------------------------------
...in January, not last week.
The future: "the trend of linking operations networks with corporate LANs
continues". IBM has recently been comparing computing with the
electricity business again and again, keyword: grid computing. The customer
can draw computing power from the computing grid as needed. (Will marketing
now hastily revise a lot of papers?) The power plant operators now
apparently see it the other way round: operating a power plant resembles
operating servers at different sites that are maintained centrally and
independently of location. If it works, electricity production becomes more
efficient, the electricity bill cheaper, the economy better ....
---------------------------
http://www.securityfocus.com/news/6767
SECURITYFOCUS NEWS

Slammer worm crashed Ohio nuke plant network
By Kevin Poulsen, SecurityFocus Aug 19 2003 2:45PM

The Slammer worm penetrated a private computer network at Ohio's
Davis-Besse nuclear power plant in January and disabled a safety
monitoring system for nearly five hours, despite a belief by plant
personnel that the network was protected by a firewall, SecurityFocus has
learned.

The breach did not pose a safety hazard. The troubled plant had been
offline since February, 2002, when workers discovered a 6-by-5-inch hole
in the plant's reactor head. Moreover, the monitoring system, called a
Safety Parameter Display System, had a redundant analog backup that was
unaffected by the worm. But at least one expert says the case illustrates
a growing cybersecurity problem in the nuclear power industry, where
interconnection between plant and corporate networks is becoming more
common, and is permitted by federal safety regulations.

The Davis-Besse plant is operated by FirstEnergy Corp., the Ohio utility
company that's become the focus of an investigation into the northeastern
U.S. blackout last week.

The incident at the plant is described in an April e-mail to the Nuclear
Regulatory Commission (NRC) from FirstEnergy, and in a similarly-worded
March safety advisory distributed privately throughout the industry over
the "Nuclear Network," an information-sharing program run by the Institute
of Nuclear Power Operations. The March advisory was issued to "alert the
industry to consequences of Internet Worms and Viruses on Plant Computer
Systems," according to the text.

The reports paint a sobering picture of cybersecurity at FirstEnergy.

The Slammer worm entered the Davis-Besse plant through a circuitous route.
It began by penetrating the unsecured network of an unnamed Davis-Besse
contractor, then squirmed through a T1 line bridging that network and
Davis-Besse's corporate network. The T1 line, investigators later found,
was one of multiple ingresses into Davis-Besse's business network that
completely bypassed the plant's firewall, which was programmed to block
the port Slammer used to spread.

"This is in essence a backdoor from the Internet to the Corporate internal
network that was not monitored by Corporate personnel," reads the April
NRC filing by FirstEnergy's Dale Wuokko. "[S]ome people in Corporate's
Network Services department were aware of this T1 connection and some were
not."

Users noticed slow performance on Davis-Besse's business network at 9:00
a.m., Saturday, January 25th, at the same time Slammer began hitting
networks around the world. From the business network, the worm spread to
the plant network, where it found purchase in at least one unpatched
Windows server. According to the reports, plant computer engineers hadn't
installed the patch for the MS-SQL vulnerability that Slammer exploited.
In fact, they didn't know there was a patch, which Microsoft released six
months before Slammer struck.

Operators Burdened

By 4:00 p.m., power plant workers noticed a slowdown on the plant network.
At 4:50 p.m., the congestion created by the worm's scanning crashed the
plant's computerized display panel, called the Safety Parameter Display
System.

An SPDS monitors the most crucial safety indicators at a plant, like
coolant systems, core temperature sensors, and external radiation sensors.
Many of those continue to require careful monitoring even while a plant is
offline, says one expert. An SPDS outage lasting eight hours or more
requires that the NRC be notified.

At 5:13 p.m., another, less critical, monitoring system called the "Plant
Process Computer" crashed. Both systems had redundant analog backups that
were unaffected by the worm, but, "The unavailability of the SPDS and the
PPC was burdensome on the operators," notes the March advisory.

It took four hours and fifty minutes to restore the SPDS, six hours and
nine minutes to get the PPC working again.

FirstEnergy declined to elaborate on the incident. The company has become
the focus of an investigation into last week's northeastern U.S. blackout.
Though the full cause of the blackout has yet to be determined,
investigators have reportedly found that it began when an Ohio
high-voltage transmission line "tripped" after sagging into a tree. An
alarm system that was part of FirstEnergy's Energy Management System
failed to warn operators at the company's control center that the line had
failed.

Asked if last week's "Blaster" worm might have had a hand in the alarm
system failure, just as Slammer disabled the Davis-Besse safety display
panel, FirstEnergy spokesman Todd Schneider said, "We're investigating
everything right now."

"I have not heard of anything like that," added Schneider. "The alarm
system was the only system that was not functioning."

SCADA Issues

The Davis-Besse incident was not Slammer's only point of impact on the
electric industry. According to a document released by the North American
Electric Reliability Council in June, Slammer downed one utility's
critical SCADA network after moving from a corporate network, through a
remote computer to a VPN connection to the control center LAN.

A SCADA (Supervisory Control and Data Acquisition) system consists of
a central host that monitors and controls smaller Remote Terminal Units
(RTUs) sprinkled throughout a plant, or in the field at key points in an
electrical distribution network. The RTUs, in turn, directly monitor and
control various pieces of equipment.

In a second case reported in the same document, a power company's SCADA
traffic was blocked because it relied on bandwidth leased from a
telecommunications company that fell prey to the worm.

Reports on the effect of last week's Blaster worm on the electric grid, if
any, have yet to emerge.

The Slammer attacks came after years of warnings about the vulnerability
of power plants and electric distribution systems to cyber attack. A 1997
report by the Clinton White House's National Security Telecommunications
Advisory Committee, which conducted a six-month investigation of power
grid cybersecurity, described a national system controlled by Byzantine
networks riddled with basic security holes, including widespread use of
unsecured SCADA systems, and ample connections between control centers and
utility company business networks.

"[T]he distinct trend within the industry is to link the systems to access
control center data necessary for business purposes," reads the report.
"One utility interviewed considered the business value of access to the
data within the control center worth the risk of open connections between
the control center and the corporate network."

Future Safety Concerns

An energy sector cybersecurity expert who's reviewed nuclear plant
networks, speaking on condition of anonymity, said the trend of linking
operations networks with corporate LANs continues unabated within the
nuclear energy industry, because of the economic benefits of giving
engineers easy access to plant data. An increase in plant efficiency of a
couple percentage points "can translate to millions upon millions of
dollars per year," says the expert.

He says Slammer's effect on Davis-Besse highlights the dangers of such
interconnectivity.

Currently, U.S. nuclear plants generally have digital systems monitoring
critical plant operations, but not controlling them, said the expert. But
if an intruder could tamper with monitoring systems like Davis-Besse's
SPDS, which operators are accustomed to trusting, that could increase the
risk of an accident.

Moreover, the industry is moving in the direction of installing digital
controls that would allow for remote operation of plant functions, perhaps
within a few years, if the NRC approves it. "This is absolutely
unacceptable without drastic changes to plant computer networks," says the
expert. "If a non-intelligent worm can get in, imagine what an intruder
can do."

Jim Davis, director of operations at the Nuclear Energy Institute, an
industry association, says those concerns are overblown. "If you break all
the connections and allow no data to pass from anywhere to anywhere,
you've got great security -- but why'd you put the digital systems in the
first place?," says Davis.

Davis says the industry learned from the Davis-Besse incident, but that
the breach didn't prove that connections between plant and corporate
networks can't be implemented securely. "You can put a well-protected
read-only capability on a data stream that provides you reasonable
assurance that nobody can come back down that line to the control system,"
says Davis.

Last year the NEI formed a task force to develop updated cybersecurity
management guidelines for the industry. The results -- which will be
secret -- are expected within a few months. As part of a research effort
earlier this year, the NEI's task force worked with the NRC and a
contractor to review cybersecurity at four nuclear power plants. The
details of the review are classified as "Safeguards" material, but Davis
says the investigation found no serious problems. "There are no issues
that generate a public health and safety concern," says Davis.

"Sometimes people get very anxious about digital systems and what you could
or couldn't do with digital systems, but in lots of cases you've got
switches and valves and little override buttons on this thing and that
thing that could cause a component to shut down as quickly as any digital
system," Davis says.

Despite the Slammer breach, FirstEnergy was apparently not in violation of
NRC's limited, and aging, cybersecurity regulations. For its part, the
commission wouldn't comment on the incident. The NRC has faced fierce
criticism for not acting sooner to curb far more serious physical safety
problems at the plant.
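
Added example, not part of the forwarded article or of any FirstEnergy or NRC document: a defender's audit for the kind of unmonitored ingress the article describes, listing every route from the Internet to the plant network that crosses no firewall. The link inventory and zone names are constructed and hypothetical, modeled only on the path the article reports.

```python
from collections import defaultdict

# Constructed link inventory modeled on the path the article describes.
# Zone names are hypothetical labels, not taken from the NRC filing.
LINKS = [
    ("internet", "corporate_firewall"),
    ("corporate_firewall", "corporate_net"),
    ("internet", "contractor_net"),
    ("contractor_net", "corporate_net"),  # the T1 line that bypassed the firewall
    ("corporate_net", "plant_net"),       # business-to-plant interconnection
]
ENFORCEMENT_POINTS = {"corporate_firewall"}


def build_graph(links):
    """Treat every link as bidirectional, since a worm can cross it either way."""
    graph = defaultdict(set)
    for a, b in links:
        graph[a].add(b)
        graph[b].add(a)
    return graph


def unfiltered_paths(links, enforcement_points, source, target):
    """Return all loop-free paths from source to target that cross no
    enforcement point, i.e. routes on which no filtering rule is applied."""
    graph = build_graph(links)
    found, stack = [], [[source]]
    while stack:
        path = stack.pop()
        if path[-1] == target:
            found.append(path)
            continue
        for nxt in graph[path[-1]]:
            # Skip nodes already on the path (no loops) and any filtering node.
            if nxt not in path and nxt not in enforcement_points:
                stack.append(path + [nxt])
    return sorted(found)


if __name__ == "__main__":
    for p in unfiltered_paths(LINKS, ENFORCEMENT_POINTS, "internet", "plant_net"):
        print("unfiltered route:", " -> ".join(p))
```

An empty result means every route to the protected zone passes an enforcement point; the audit is only as good as the link inventory, which is the gap the NRC filing describes.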