Network News

X My Profile
View More Activity

Software Update Prompts Nuclear Plant Shutdown

A nuclear power plant in Georgia was recently forced into an emergency shutdown for 48 hours after a software update was installed on a single computer.

The incident occurred on March 7 at Unit 2 of the Hatch nuclear power plant near Baxley, Georgia. The trouble started after an engineer from Southern Company, which manages the technology operations for the plant, installed a software update on a computer operating on the plant's business network.

The computer in question was used to monitor chemical and diagnostic data from one of the facility's primary control systems, and the software update was designed to synchronize data on both systems. According to a report filed with the Nuclear Regulatory Commission, when the updated computer rebooted, it reset the data on the control system, causing safety systems to errantly interpret the lack of data as a drop in water reservoirs that cool the plant's radioactive nuclear fuel rods. As a result, automated safety systems at the plant triggered a shutdown.

Read the full story published on washingtonpost.com today at this link here.

By Brian Krebs  |  June 5, 2008; 2:02 PM ET
Categories:  From the Bunker , Latest Warnings , New Patches , U.S. Government  
Save & Share:  Send E-mail   Facebook   Twitter   Digg   Yahoo Buzz   Del.icio.us   StumbleUpon   Technorati   Google Buzz   Previous: How to Harden Your Mac
Next: Revisiting the Safari Vulnerability on Windows

Comments

This is why you test your patches and updates outside of the production environment first *especially* when it comes to critical infrastructure. Do they not teach that anymore?

Posted by: Charles Decker | June 5, 2008 4:09 PM | Report abuse

At least the engineer was updating critical software. Hate to think the nuclear plant would be affected by updating the latest version of Flash or MS Media Player.

Posted by: K Doren | June 5, 2008 5:30 PM | Report abuse

At least the engineer was updating critical software. Hate to think the nuclear plant would be affected by updating the latest version of Flash or MS Media Player.

Posted by: K Doren | June 5, 2008 5:33 PM | Report abuse

Or heaven forbid an iTunes update forcing Safari down the pipe.

/sarcasm

Posted by: D Koren | June 5, 2008 7:44 PM | Report abuse

Now that's spooky

Posted by: jcanto | June 6, 2008 2:29 AM | Report abuse

Charles Decker wrote: "This is why you test your patches and updates outside of the production environment first *especially* when it comes to critical infrastructure. Do they not teach that anymore?"

Imagine if the software publisher was compromised and that patch carried a truly threatening payload.

Trust is all well and good, but verify the heck outta stuff like that.

Posted by: C.B. | June 6, 2008 12:41 PM | Report abuse

Mission critical systems running software from Redmond are tempting fate, unreliable from the start and easiest to crack on the net. I wouldn't call that a smart move.

Posted by: mbiker | June 6, 2008 8:23 PM | Report abuse

Too critical to have a single machine with that kind of pivotal power. Methinks they need to seriously restructure their computer setup.

Posted by: Rick | June 7, 2008 5:21 AM | Report abuse

This is a great warning for those working in highly dangerous locations; nuclear reactors, army barracks, etc. A single malfunction can cause any extremely high amount of harm. Actually you can learn the same lesson by watching any episode of the Simpsons involving Homer and a fondue kit.

Whatever happened to fault tolerance and proper DR planning? Accidents should be allowed to happen, since everyone makes them. What should not be allowed is a single accident causing a power plant to shut off for 2 days.

www.MBridge.com
http://www.mbridge.com

Posted by: mbridge | June 7, 2008 7:41 PM | Report abuse

It's simple.

Business systems should NEVER be connected to control/production systems.

Posted by: Moonlight Gambler | June 8, 2008 10:52 AM | Report abuse

Sorry Brian but this post, and its comments blaming a Patch, or the Patcher, are inane and miss the real lesson.

It's not mentioned anywhere that this is a Security Patch, so to blemish the activity and matter of Security Patching, because this unrelated one patch blew up, it's kind of,., inane.

Posted by: superfreak, esq. | June 9, 2008 12:08 PM | Report abuse

It seems the system worked exactly as designed. "Nuclear power plant melts down because system made up data it didn't have". This isn't an airplane, if it wasn't sure that everything was working, then shutting down the reactor would be the prudent thing to do.

Posted by: Sam J | June 11, 2008 12:03 AM | Report abuse

Oh ! Thats eye popping news
Good heavens ...I first thought it was some kind of stupid windows utility updates....
however it would be nice to use good computers on a commercial basis or either perform an update such as this on another computer before having a practical !
http://www.electrocomputerwarehouse.com/

Posted by: david solomon | June 12, 2008 8:51 AM | Report abuse

The comments to this entry are closed.

 
 
RSS Feed
Subscribe to The Post

© 2010 The Washington Post Company