Davis-Besse Nuclear Power Plant located in Ohio encountered a security breach where the Slammer worm penetrated private computer networks disabling safety monitoring systems for about five hours. The attack took place on at 9:00 am on 25th January 2002 (NRC: Davis-Besse Nuclear Plant OK to Restart, 2012). The plant workers noticed a slowdown on computer networks. The Slammer worm had used network vulnerabilities, and weakness to ********* into Davis-Besse Nuclear Power Plant and caused high network traffic congestions on networks that crashed display and monitoring system called safety parameter display system. The attack was due to the presence of vulnerability whereby one unpatched Windows Server served the network. Plant computer engineers had failed to install the patch for Microsoft SQL which the Slammer worm exploited finding its way into Davis-Besse Nuclear Power Plant network. The circuitous route also had vulnerabilities that led to easier ***********. The worm penetrated through the unsecured network through the unnamed Davis-Besse contractor (NUCLEAR SYSTEMS, 2001).The backdoor from the Internet to the corporate internal network was not under supervision-n by corporate personnel. The firewall was also weak in securing the network.
Slammer worm left the corporate network and gained access to critical SCADA networks through remote computer Virtual private network connection to the SCADA control center (LAN). However, the security measures that should be implemented to prevent and mitigate future Slammer attacks or similar occasions include: ensuring that corporate networks are segmented such that they are not interconnected with SCADA operation network. The organization requires installing security measures such as IDS, IPS, hardware and software firewalls. The software systems should be updated on a regular basis to facilitate effective security (Smith, & Borgonovo, 2007).
NRC: Davis-Besse Nuclear Plant OK to Restart. (2012). Power Engineering, 116, 2.)
NUCLEAR SYSTEMS – Maximum value program prepares Davis-Besse for license renewal – A few short years ago, the pundits predicted that the nuclear contribution to US electricity production would fall sharply as nuclear plants were retired early or decommissioned when their licenses expired. Instead, most plant owners are vigorously pursuing license renewal, which extends service life by another 20 years, and implementing uprate projects. FirstEnergy Corp’s Davis-Besse station is a prime example. (2001). Power, 145, 5, 87.
Smith, C. L., & Borgonovo, E. (2007). Decision Making During Nuclear Power Plant Incidents—A New Approach to the Evaluation of Precursor Events. Risk Analysis, 27, 4, 1027-1042.