Computer worm ‘designed to blow up nuclear power stations’

Additional info in LBN yesterday: "Stuxnet worm 'targeted high-value Iranian assets'" http://www.democraticunderground.com/discuss/duboard.php?az=view_all&address=102x4550344

reinstall of the OS software to clear out any potential bugs.

You'd have to do a lot more than reinstall the OS software.
edit to add: see the LBN thread: http://www.democraticunderground.com/discuss/duboard.php?az=view_all&address=102x4550344

The most credible, informative post, reply #12, on that string tells us:




PLCs are generally not that complex and difficult to check for changes to circuitry and programming. I don't think this is as big a problem as some would want us to think. More psyops.

I thought they had to run on a real-time OS, anyway.

But I seriously doubt they have the level of hackers working for them that could accomplish something like this anyway.

Most US plants don't even have processor based plant protective systems, but rely on older discrete digital logic or analog based systems (SSPS, RPS, ESFAS, ATWS, LSELS, AAFW ...).

All of the processor based systems that my Plants use are in secondary systems and are UNIX based, or they in "simple" stand alone applications using machine code.

These stand alone applications are mostly digital recorders and single point digital controllers, that are not networked, but linked together using analog loops.

Most US plants don't even have processor based plant protective systems, but rely on older discrete digital logic or analog based systems (SSPS, RPS, ESFAS, ATWS, LSELS, AAFW ...).
=============================================================

Exactly as I stated in another post. The logic is
"old fashioned" but "bullet proof" discrete digital
or analog logic.

Most of the logic is the same logic that conventional
plants have used to control the Rankine steam cycle
for decades. The safety systems of the reactor are
all discrete digital or analog.

PWR reactors are designed to inherently adjust their
power output to the demands of the Rankine steam cycle.
The saying for a PWR is "the reactor follows the turbine".

When the load on the plant is increased, the increased
current flow in the generator increases the backward
torque due to the Lorentz forces. This would tend to
make the turbine-generator set slow down if nothing were
done. However, all generators in the grid have to turn
in synchrony, so a simple feedback circuit opens the
turbine throttle valve when the generator begins to slow.

The increased demand for steam by the now wider open
throttle means more energy is extracted by the secondary
coolant loop from the primary coolant loop in the
steam generator / heat exchanger. Therefore, the primary
coolant going back to the reactor is a little cooler than
it was at equilibrium conditions.

This slightly cooler coolant feeds back via the reactor's
moderator temperature feedback coefficient. That is a
cooler, denser coolant, aka moderator; increases moderation
of neutrons, and hence increases reactivity of the reactor.

The reactor will naturally increase in power until the new
power level matches the new demand level. No electronic or
computer controlled actions are necessary. The physics
of the reactor itself takes care of the reactor control
function.

The only control needed in this case is the generator
speed feedback control of the turbine throttle. However,
power plants have had that control mechanism a LONG LONG
time before there were nuclear power plants, or microchips
for that matter.

Dr. Greg

And typically PLCs are only used to operate non-critical auxiliary equipment.

This virus appears to be nothing more than a great fear monger.

And typically PLCs are only used to operate non-critical auxiliary equipment.
----------------------------------------------

That's correct. Under NRC regulations, all logic used in
the actual operation of the reactor has to be non-programmable
hardwired logic.

The NRC doesn't allow anything reprogrammable to control the
reactor.

Dr. Greg

Re: no reprogrammable devices control reactor.

have enough information on Bushehr to pull this off? And who could it be?

Such as a 2oo3 voting system, with redundant I/O. Alarms should be going off when even one CPU starts giving different results/signals from the other two. The thought some years ago was that to make it work properly the PLC's also needed to be "diverse" such as One Siemens, One Rockwell and one Schneider Electric, As they all use their own proprietary RTOS. And as pointed out up thread. One would have to have some idea of what the non-Safe state of the I/O would need to be commanded to. As PLC's I/O firmware (stored in Flash or Prom) will automatically revert the I/O to Safe State should the PLC just stop talking to it by name/address.

Plenty of systems not linked to Nukes are single with no redundancy. Such as manufacturing plants, conveyor lines, warehouse distribution systems etc. If the payload is that bad I would of expected stories in industry about all of these systems malfunctioning already.

But the processors are not voting with each other, as far as I know.

You are correct about the "safe state".

There are also PLCs for safety applications that have circuits to test the actual state of the outputs. They have other features to ensure that the outputs are in the state they should be in.

Take a look at the "Safety PLC's" that are 61508/61511 compliant at SIL 2 and 3. They all go beyond Hot Standby to actual multiple processors with a voting architecture.