NRC ISSUES INFORMATION NOTICE ON POTENTIAL OF
NUCLEAR POWER PLANT NETWORK TO WORM INFECTION
Printable Version

The vulnerability was demonstrated by a January event at the shutdown Davis-Besse nuclear power plant. The worm infection increased data traffic in the site’s network, resulting in the plant’s Safety Parameter Display System and plant process computer being unavailable for several hours. Neither of those systems, however, affects the safe operation of a nuclear plant. NRC regulations require safety-related systems to be isolated or have send-only communication with other systems. Public health and safety were never impacted during the incident.

FirstEnergy Nuclear, the licensee at Davis-Besse, investigated the incident and found a contractor established an unprotected computer connection to its corporate network, through which the worm reached the plant network. The investigation also found plant computer engineering personnel were unaware of a security patch that prevented the worm from working. Corrective actions include requiring documentation of all external connections to the internal network, installing an additional layer of security software, and ensuring computer personnel review new security patches and install them promptly.

Information Notice 2003-14, “Potential of Plant Computer Network to Worm Infection,” will be available electronically on the NRC’s web site at this address: http://www.nrc.gov/reading-rm/doc-collections/gen-comm/info-notices/2003/.

NRC news releases are available through a free listserv subscription at the following Web address: http://www.nrc.gov/public-involve/listserver.html. The NRC Home Page at www.nrc.gov also offers a Subscribe to News link in the News & Information menu. E-mail notifications are sent to subscribers when news releases are posted to NRC's Web Site.

Privacy Policy | Site Disclaimer
Monday, December 08, 2008