skip navigation links 
 
Index | Site Map | FAQ | Facility Info | Reading Rm | New | Help | Glossary | Contact Us blue spacer BrowseAloud
secondary page banner Return to NRC Home Page
NRC Seal
NRC NEWS
U.S. NUCLEAR REGULATORY COMMISSION
Office of Public Affairs Telephone: 301/415-8200
Washington, DC 20555-0001 E-mail: OPA.Resource@nrc.gov
www.nrc.gov

No. 03-108 September 2, 2003

NRC ISSUES INFORMATION NOTICE ON POTENTIAL OF
NUCLEAR POWER PLANT NETWORK TO WORM INFECTION
Printable Version PDF Icon


The Nuclear Regulatory Commission staff has issued an Information Notice to alert nuclear power plant operators to a potential vulnerability of their computer network server to infection by the Microsoft SQL Server worm.

The vulnerability was demonstrated by a January event at the shutdown Davis-Besse nuclear power plant. The worm infection increased data traffic in the site’s network, resulting in the plant’s Safety Parameter Display System and plant process computer being unavailable for several hours. Neither of those systems, however, affects the safe operation of a nuclear plant. NRC regulations require safety-related systems to be isolated or have send-only communication with other systems. Public health and safety were never impacted during the incident.

FirstEnergy Nuclear, the licensee at Davis-Besse, investigated the incident and found a contractor established an unprotected computer connection to its corporate network, through which the worm reached the plant network. The investigation also found plant computer engineering personnel were unaware of a security patch that prevented the worm from working. Corrective actions include requiring documentation of all external connections to the internal network, installing an additional layer of security software, and ensuring computer personnel review new security patches and install them promptly.

Information Notice 2003-14, “Potential of Plant Computer Network to Worm Infection,” will be available electronically on the NRC’s web site at this address: http://www.nrc.gov/reading-rm/doc-collections/gen-comm/info-notices/2003/.


NRC news releases are available through a free listserv subscription at the following Web address: http://www.nrc.gov/public-involve/listserver.html. The NRC Home Page at www.nrc.gov also offers a Subscribe to News link in the News & Information menu. E-mail notifications are sent to subscribers when news releases are posted to NRC's Web Site.



Privacy Policy | Site Disclaimer
Wednesday, October 20, 2010