U.N. warns of nuclear cyber attack risk
Kevin Poulsen, SecurityFocus 2004-09-27

The United Nations' nuclear watchdog agency warned Friday of growing concern about cyber attacks against nuclear facilities.

U.N. warns of nuclear cyber attack risk 2004-10-03
CyberNuke
Folks have been controlling large coal plants with Windows for years (at least since NT4, SQL) - in general, the isolation measures have been only partially implemented (gotta send graphs to the big cheese, provide engineering access to historical systems beyond a single layer of defense - or not) but will be improving with NERC 1300 - force minimums and rigor. Nuclear is facing even bigger challenges as running nuclear plants efficiently and safely nowadays is increasingly requiring more data volume and fidelity; legacy stovepipe systems are transitioning to integrated digital. The data needs to reliably and securely move from secured process control systems (whatever they're running on) through layers to reach those that need it. Operations needs this information real-time and must be isolated, engineering needs to be about real-time for monitoring and modeling plant performance - being poised with the right information if needed as well as longer term improvements. While simulators (e.g. perhaps built with MS development tools) are isolated, engineering and the rest of support onsite typically have PCs with Internet access. Additionally, there are supporting systems to manage personnel security as well as projects that are often backboned over the Internet via VPN. For industry "support system" (not operational) connectivity .. still need VPN even if not on Internet imho.

Many nuclear office IT environments aren't "locked down" and personnel are able to download and/or insert media to install software (work related or otherwise) - this is a significant area of concern in any enterprise setting. However, the most important protective measures involve approaches taken to protect digital systems that are closest to the plant operationally and that's where a lot of the regulatory and industry focus is going. Plants need to manage the risks associated with running open systems - can't get lax just because "they're isolated" - their integrity depends on much more than just protecting proprietary data. The Davis-Besse incident wasn't caused by some Internet surfing office yo-yo - it apparently was started by someone that jacked into the extended controls network and spread a known problem that wasn't already patched (like it should've been).. the entire incident indicates that their controls perimeter/infrastructure needs some serious beefing up and more nuclear specific programmatic controls and oversight are needed to ensure a strong security posture and incident response capability. Controls vendor personnel, just like some computer shops, are notorious as sources of problems .. just jacking in and running problematic PCs trying to spread their infections. The controls industry as a whole is really behind the curve from a security perspective in designing and supporting secured systems using POTS.. They need to get their act much better together regardless of the niche they're servicing (gas, petrochemical, etc.) - fortunately there is more rigorous QA from suppliers for anything nuclear - buyer needs to be very aware and diligent.
