The Register® — Biting the hand that feeds IT

Feeds

UK nuke station denies Stuxnet shutdown

No worms here, EDF insists

By Christopher Williams, 2nd November 2010
  • print
  • alert

Regcast training : Hyper-V 3.0, VM high availability and disaster recovery

A British nuclear power station suffering an "unplanned outage" has categorically denied any link to the sophisticated Stuxnet worm.

One of two reactors at Heysham 1, owned by French energy giant EDF, was taken offline yesterday.

Parts of the site are run by Siemens S7 systems, prompting suggestions the sophisticated worm is to blame for the shutdown.

An EDF spokeswoman told The Register the suggestions amounted to "conspiracy theories".

"I can confirm that on Heysham 1 there is no Siemens S7 equipment in any safety-related applications," she said.

"There is absolutely no link between the cause of Heysham 1's trip yesterday and any 'cyber security' issues".

EDF declined to give a detailed technical explanation for the ongoing outage, citing regulations that forbid the release of such information. The regulations are designed to prevent distortion of the energy market based on speculation over when electricity production may resume.

Security researchers discovered earlier this year that Stuxnet exploits vulnerabilities in the type of Siemens control system used at Heysham, and in Microsoft Windows.

The sophistication of the attack - the EU information security agency ENISA called it "a new class and dimension of malware" - led many to believe it had been created by a state intelligence agency, possibly to disrupt Iran's civilian and military nuclear programme. Siemens and Microsoft have since released patches to secure their software.

To date there is no evidence that Stuxnet has affected any British facilities. ®

Agentless Backup is Not a Myth

COMMENTS

House Rules Send Corrections
All Reader Comments (12)
Highly Rated
Charlie Stross

No, it's not Stuxnet.

Heysham 1 is one of the UK's fleet of Advanced Gas-cooled Reactors.

A few years ago I had the opportunity -- non-repeatable, alas -- to crawl all over (and under) one of its siblings, at Torness.

If you want to write a worm that can wreak havoc on an AGR, you don't want to go for Siemens controllers -- you need something with hands and the ability to pick padlocks! Literally *every* valve in the insanely complex plumber's nightmare that is an AGR is locked in position with a padlock -- by design. There are dozens, possibly hundreds, of operational parameters that can be adjusted, and a limited envelope within which the reactor can sustain criticality while generating steam; while running, these are literally locked down, with the only easily accessible controls being physical safety features. I suspect the mere idea of running an AGR on SCADA software controlled from Windows might make the engineers responsible faint ...

(A full write-up of my visit to Torness is here: http://www.antipope.org/charlie/blog-static/rants/nothing-like-this-will-be-buil.html )

5
0
Andydaws
Reply Icon

charliestross has it about right

I worked on the construction and commissioning of Heysham II, and also did oddments on Heysham I. Heysham II is much as Charlie describes- Heysham I is an even earlier design of station, less automated and computerised....in fact, if memory serves me right, Heysham I and its sister station at Hartlepool were either the first UK nuclear stations with digital control systems, or the last with analogue!

And one thing you don't do with a nuclear station with fully certified control systems is replace them - it's not worth the effort in terms of getting HSE/NII approvals. So treat this sory with a substantial pinch of salt.

Love the books, btw, charlie!

1
0
Anonymous Coward

Forbes only half says

Forbes only half says it's Stuxnet; the article body backpedals a bit.

The other half of their point is that Edf Electricity Distribution has been sold to a pair of Hong Kong companies, and the sale has just completed. Edf Electricity Distribution apparently covers London and much of the south east. Maybe they're worried about 2012 and don't want to be associated with what is going to happen...

Nice to know UK plc's essential utilities are in safe hands and not subject to the arbitrary ravages of the free market and in particular of (very) foreign companies not a million miles from those nasty Commies in China who now do most of the UK's manufacturing.

http://online.wsj.com/article/BT-CO-20101101-700056.html

1
0

More from The Register

breaking news
Number of cops abusing Police National Computer access on the rise
Only a telegram from the Queen can get you off it
135
breaking news
NSA PRISM snoop-gate: Won't someone think of the children, wails Apple
10,000 things probed, mostly about missing kids, Alzheimer patients, we're told
96
Flash flaw potentially makes every webcam or laptop a PEEPHOLE
But it's a Google problem - Chrome only, insists Adobe
60
breaking news
NSA PRISM-gate: Relax, GCHQ spooks 'keep us safe', says Cameron
Whatever they are up to, it's all above board, we're told
90
breaking news
Yahoo! joins! rivals! in! PRISM! data! request! admission!
Keep calm and carry on using American tech firms, folks
41
PRISM snitch claims NSA hacked Chinese targets since 2009
Snowden suddenly looks safer in Hong Kong after revelations
33
breaking news
US chief spook: Look, we only want to spy on 6.66 BEELLLION of you
Americans assured they are not in the NSA's sights
68
Speech-to-text drives motorists to distraction
Will talking to you mean I crash into that car up ahead, Siri?
30
DHS warns of vulns in hospital medical equipment
Has your doctor's anasthesia machine been hacked?
17
breaking news
'BadNews is malware' says outfit that found it
Google says code harmless but Lookout says code base is evolving
15