UK nuke station denies Stuxnet shutdown
No worms here, EDF insists
A British nuclear power station suffering an "unplanned outage" has categorically denied any link to the sophisticated Stuxnet worm.
One of two reactors at Heysham 1, owned by French energy giant EDF, was taken offline yesterday.
Parts of the site are run by Siemens S7 systems, prompting suggestions the sophisticated worm is to blame for the shutdown.
An EDF spokeswoman told The Register the suggestions amounted to "conspiracy theories".
"I can confirm that on Heysham 1 there is no Siemens S7 equipment in any safety-related applications," she said.
"There is absolutely no link between the cause of Heysham 1's trip yesterday and any 'cyber security' issues".
EDF declined to give a detailed technical explanation for the ongoing outage, citing regulations that forbid the release of such information. The regulations are designed to prevent distortion of the energy market based on speculation over when electricity production may resume.
Security researchers discovered earlier this year that Stuxnet exploits vulnerabilities in the type of Siemens control system used at Heysham, and in Microsoft Windows.
The sophistication of the attack - the EU information security agency ENISA called it "a new class and dimension of malware" - led many to believe it had been created by a state intelligence agency, possibly to disrupt Iran's civilian and military nuclear programme. Siemens and Microsoft have since released patches to secure their software.
To date there is no evidence that Stuxnet has affected any British facilities. ®
No, it's not Stuxnet.
Heysham 1 is one of the UK's fleet of Advanced Gas-cooled Reactors.
A few years ago I had the opportunity -- non-repeatable, alas -- to crawl all over (and under) one of its siblings, at Torness.
If you want to write a worm that can wreak havoc on an AGR, you don't want to go for Siemens controllers -- you need something with hands and the ability to pick padlocks! Literally *every* valve in the insanely complex plumber's nightmare that is an AGR is locked in position with a padlock -- by design. There are dozens, possibly hundreds, of operational parameters that can be adjusted, and a limited envelope within which the reactor can sustain criticality while generating steam; while running, these are literally locked down, with the only easily accessible controls being physical safety features. I suspect the mere idea of running an AGR on SCADA software controlled from Windows might make the engineers responsible faint ...
(A full write-up of my visit to Torness is here: http://www.antipope.org/charlie/blog-static/rants/nothing-like-this-will-be-buil.html )
charliestross has it about right
I worked on the construction and commissioning of Heysham II, and also did oddments on Heysham I. Heysham II is much as Charlie describes- Heysham I is an even earlier design of station, less automated and computerised....in fact, if memory serves me right, Heysham I and its sister station at Hartlepool were either the first UK nuclear stations with digital control systems, or the last with analogue!
And one thing you don't do with a nuclear station with fully certified control systems is replace them - it's not worth the effort in terms of getting HSE/NII approvals. So treat this sory with a substantial pinch of salt.
Love the books, btw, charlie!
Forbes only half says
Forbes only half says it's Stuxnet; the article body backpedals a bit.
The other half of their point is that Edf Electricity Distribution has been sold to a pair of Hong Kong companies, and the sale has just completed. Edf Electricity Distribution apparently covers London and much of the south east. Maybe they're worried about 2012 and don't want to be associated with what is going to happen...
Nice to know UK plc's essential utilities are in safe hands and not subject to the arbitrary ravages of the free market and in particular of (very) foreign companies not a million miles from those nasty Commies in China who now do most of the UK's manufacturing.