CyberWarfare Cyberguerre

Subscribe:

Labels

mercredi 1 février 2012

Nuclear Reactor worm infection - Davis-Besse

On January 25, 2003, at 12:30 AM Eastern Standard Time, the Slammer worm began exploiting a
vulnerability in Microsoft SQL Server. Within ten minutes, it had infected 75,000 servers
worldwide—90% of vulnerable hosts. The design of Slammer was simple; it did not write itself to
the hard drive, delete files, or obtain system control for its author. Instead, it settled in system
memory and searched for other hosts to infect. Removing the worm was as simple as rebooting the
server after closing network port 1434, Slammer's point of entry.
Installing a patch Microsoft had
released six months earlier would eliminate the vulnerability Slammer exploited and prevent another
infection.
Although Slammer carried no malicious payload, it still caused considerable disruption. It searched
for new hosts by scanning random IP addresses. This generated a huge volume of spurious traffic,
consuming bandwidth and clogging networks. Slammer’s random IP scans disabled data-entry
terminals at a 911 call center in Bellevue, Washington (population 680,000), shutdown 13,000 Bank
of America ATMs, and forced Continental Airlines to cancel several flights when their onlineticketing system and kiosks could not process orders. South Korea suffered a nationwide internet
outage lasting half a day.
The Slammer worm also infected computer systems at the Davis-Besse nuclear power plant near
Oak Harbor, Ohio. The worm traveled from a consultant's network, to the corporate network of
First Energy Nuclear, the licensee for Davis-Besse, then to the process control network for the
plant. The traffic generated by the worm clogged the corporate and control networks. For four
hours and fifty minutes, plant personnel could not access the Safety Parameter Display System
(SPDS), which shows sensitive data about the reactor core collected from coolant systems,
temperature sensors, and radiation detectors—these components would be the first to indicate
meltdown conditions. Power plants are required to notify the NRC if an SPDS outage lasts longer
than eight hours.
The reactor at Davis-Besse had been offline for nearly a year before its Slammer infection due to the
discovery of a hole in the reactor head.Although Slammer's scanning traffic did block sensors
from providing digital readouts to control systems, it did not affect analog readouts on the
equipment itself; plant technicians could still get reliable data from sensors by physically walking up
to them and looking at them, though this process is slower than retrieving data over a network.
Davis-Besse had a firewall protecting its corporate network from the wider internet, and its
configuration would have prevented a Slammer infection. However, a consultant had created a
connection behind the firewall to the consultancy's office network. This allowed Slammer to bypass
the firewall and infect First Energy's corporate network. From there, it faced no obstacle on its way
to the plant control network. In response, First Energy set up a firewall between the corporate
network and the plant control network.
The Davis-Besse incident highlighted the fact that most nuclear power plants, by retrofitting their
SCADA systems for remote monitoring from their corporate network, had unknowingly connected
their control networks to the internet. At the time, the NRC did not permit remote operation of
plant functions.That policy would change by 2008.

1 commentaires:

  1. there is a nuclear disaster in the US before it happen in Iran

    RépondreSupprimer