Nuke Plant Gets SQL Slammed
Posted by Chief Oddball in the evening on August 20th, 2003

In light of the big northeastern blackout last week, I’ve heard some jokes spread around that maybe the infamous LoveSan computer virus took out the grid. Not bloody likely—or so we thought. According to SecurityFocus, the SQL Slammer worm of a few weeks ago nearly did just that…at Ohio’s Davis-Besse nuclear power plant.
The Slammer worm entered the Davis-Besse plant through a circuitous route. It began by penetrating the unsecured network of an unnamed Davis-Besse contractor, then squirmed through a T1 line bridging that network and Davis-Besse’s corporate network. The T1 line, investigators later found, was one of multiple ingresses into Davis-Besse’s business network that completely bypassed the plant’s firewall, which was programmed to block the port Slammer used to spread.
From the business network, the worm spread to the plant network, where it found purchase in at least one unpatched Windows server. According to the reports, plant computer engineers hadn’t installed the patch for the MS-SQL vulnerability that Slammer exploited. In fact, they didn’t know there was a patch, which Microsoft released six months before Slammer struck.
By 4:00 p.m., power plant workers noticed a slowdown on the plant network. At 4:50 p.m., the congestion created by the worm’s scanning crashed the plant’s computerized display panel, called the Safety Parameter Display System.
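The slowdown described above was the worm's own scanning, and that pattern is visible in ordinary flow logs long before a display panel falls over. The script below is an added example, not part of the original post or the SecurityFocus report: it runs over constructed flow records and flags any source that sprays UDP datagrams at port 1434 (the SQL Server Resolution Service port Slammer scanned, which the post does not name) toward many distinct hosts within a few seconds. The record format and the threshold are assumptions.

```python
from collections import defaultdict
from datetime import datetime, timezone

# Slammer spread by firing single UDP datagrams at port 1434 toward random
# addresses, so an infected host shows an unusually high fan-out of distinct
# destinations on that port within seconds. Threshold is a tunable assumption.
SLAMMER_PORT = 1434
WINDOW_SECONDS = 5
FANOUT_THRESHOLD = 25

# Constructed sample flows (not real Davis-Besse data): "<iso-ts> <src> <dst> <proto> <dport>"
SAMPLE_FLOWS = "\n".join(
    # one infected host hitting 40 distinct addresses on udp/1434 inside four seconds
    [f"2003-01-25T04:50:0{i % 4} 10.20.1.7 10.{i}.{(i * 7) % 256}.{(i * 13) % 256} udp 1434"
     for i in range(40)]
    # legitimate client traffic to a single SQL Server over tcp/1433
    + [f"2003-01-25T04:50:0{i} 10.20.1.8 10.20.1.50 tcp 1433" for i in range(5)]
    # a single benign udp/1434 instance lookup from another workstation
    + ["2003-01-25T04:50:03 10.20.1.9 10.20.1.50 udp 1434"]
)


def parse_flows(text):
    """Parse whitespace-separated flow lines into dicts, skipping blank lines."""
    flows = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, src, dst, proto, dport = line.split()
        flows.append({"ts": datetime.fromisoformat(ts).replace(tzinfo=timezone.utc),
                      "src": src, "dst": dst, "proto": proto.lower(), "dport": int(dport)})
    return flows


def find_fanout_sources(flows, port=SLAMMER_PORT, window_s=WINDOW_SECONDS,
                        threshold=FANOUT_THRESHOLD):
    """Return {src: peak distinct udp/<port> destinations in any window} for sources at or over threshold."""
    buckets = defaultdict(set)          # (src, window index) -> set of destinations
    for f in flows:
        if f["proto"] == "udp" and f["dport"] == port:
            bucket = int(f["ts"].timestamp()) // window_s
            buckets[(f["src"], bucket)].add(f["dst"])
    peak = defaultdict(int)
    for (src, _), dsts in buckets.items():
        peak[src] = max(peak[src], len(dsts))
    return {src: n for src, n in peak.items() if n >= threshold}


if __name__ == "__main__":
    for src, n in find_fanout_sources(parse_flows(SAMPLE_FLOWS)).items():
        print(f"possible Slammer-style scanner: {src} reached {n} hosts on udp/{SLAMMER_PORT}")
```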
So let’s sum up this cacophony of negligence:
- The Davis-Besse nuclear plant’s internal network is directly connected to FirstEnergy (the parent company)’s corporate network. Hmm…we all know how secure large corporate networks usually are.
- A T1 line connecting FirstEnergy’s corporate net to some outside contractor of theirs completely bypassed the former’s firewall. WTF?
- Admins at the nuclear power plant were running Windows servers (/me begins to fear for his life).
- Those admins did not patch their Windows servers, and in fact did not even know patches existed for them.
I am appalled by this. Not necessarily surprised, given the Davis-Besse plant’s horrendous track record going all the way back to the seventies (just do a Google search; I can’t even begin to pick just one example out of that mess), but appalled nonetheless. Just because you are a network administrator at a power plant, rather than a technology company, does not give you a license to be an idiot! I guess now we know where Homer Simpson really works—at Davis-Besse, in the MIS department!
After SQL Slammer crashed Davis-Besse’s SPDS and a secondary plant monitoring system, monitoring was taken over by analog backups and the plant operated normally until things were brought back under control five or six hours later. The report shows that operating the plant on analog was quite burdensome for the staff. I’m sure it was! Do you have any idea how many systems need to be constantly monitored at a nuclear power station? And that’s even when the reactor is shut down!
I touched on not being surprised earlier. If I had known this would happen at just one nuclear plant, I would have picked Davis-Besse. They run the same model Babcock & Wilcox reactor as Three Mile Island, and in fact had the exact same “leaky pressurizer valve” problem that eventually led to TMI Unit 2’s demise—before it happened at TMI. And in more recent history, a nozzle leaking boric acid caused a huge hole to open up in the reactor vessel head, which—had it not been discovered during a refueling outage inspection—probably would have eventually led to the reactor’s energetic self-destruction. The NRC, being an accountable public agency, was required to publicly document the incident here, including plenty of photos. Grim stuff, especially if you’re in the engineering field.
Anyway, I’ll stop rambling now, having gotten a bit off-topic. I’m a nuclear power buff, which does not mean I’m a raving Jane Fonda lunatic—I believe nuclear reactors are a great source of energy and I’m fascinated with the mammoth machinery and interface systems. But the technology required for their operation is so complex and convoluted, requiring so much money-is-no-object attention, that I almost don’t think the human race is capable of running them with the care and ongoing investment that they deserve. There’s still too much focus on profit in our culture, and as the various cases at Davis-Besse demonstrate, profit tends to win out over all else—even safety.
