--snip
The Nuclear Regulatory Commission staff has issued an Information Notice to alert nuclear power plant operators to a potential vulnerability of their computer network server to infection by the Microsoft SQL Server worm.
The vulnerability was demonstrated by a January event at the shutdown Davis-Besse nuclear power plant. The worm infection increased data traffic in the site’s network, resulting in the plant’s Safety Parameter Display System and plant process computer being unavailable for several hours. Neither of those systems, however, affects the safe operation of a nuclear plant. NRC regulations require safety-related systems to be isolated or have send-only communication with other systems. Public health and safety were never impacted during the incident.
FirstEnergy Nuclear, the licensee at Davis-Besse, investigated the incident and found a contractor established an unprotected computer connection to its corporate network, through which the worm reached the plant network. The investigation also found plant computer engineering personnel were unaware of a security patch that prevented the worm from working. Corrective actions include requiring documentation of all external connections to the internal network, installing an additional layer of security software, and ensuring computer personnel review new security patches and install them promptly.
Information Notice 2003-14, “Potential of Plant Computer Network to Worm Infection,” will be available electronically on the NRC’s web site at this address:
http://www.nrc.gov/reading-rm/doc-collections/gen-comm/info-notices/2003/.--snap
from:
http://www.nrc.gov/reading-rm/doc-collections/news/2003/03-108.html Now that meakes me feel safe... :scared:
Printer-friendly format
Email this thread to a friend
Bookmark this thread
(1000+ posts)
Send PM |
Profile |
Ignore
