Catch up on stories from the past week (and beyond) at the Slashdot story archive


Forgot your password?

US Nuclear Power Enters the Digital Age 291

An anonymous reader writes "South Carolina's Oconee Nuclear Station will replace its analog monitoring and operating controls with digital systems, as part of a $2 billion plant upgrade by its owner, Duke Energy. It will become the first nuke plant in the US to use digital controls, and its upgrade may be quickly followed by others. The main driver for the move is cost savings; worries about reliability and hackers have been the reason digital systems haven't been adopted sooner."
This discussion has been archived. No new comments can be posted.

US Nuclear Power Enters the Digital Age

Comments Filter:
  • by Tau Neutrino ( 76206 ) on Monday May 30, 2011 @12:48AM (#36284050)
    And they said it would never arrive...
  • by Anonymous Coward on Monday May 30, 2011 @12:49AM (#36284054)

    So let me get this straight. Before, they were too worried about hackers, but now, they feel it's perfectly safe to do this?

    Let me guess. They're installing Windows XP, too.

    • by fuzzyfuzzyfungus ( 1223518 ) on Monday May 30, 2011 @12:55AM (#36284104) Journal
      We wouldn't want to fall behind Iran...
    • by Iamthecheese ( 1264298 ) on Monday May 30, 2011 @01:35AM (#36284314)
      Windows XP was a stable, hugely popular operating system that has had over a decade of bug and security patches. Give me XP over the latest xnix flavor any day.
      • Mod the guy funny!

        Great use of sarcasm there, building on XP having had also over a decade of most obnoxious and prolific malware, ranging from mail worms through trojans all the way to self-replicating root-kits not to mention most numerous and spectacular security holes in the entire software industry.

        And more to the point, it is also the only publicly known system to have been successfully compromised specifically to sabotage nuclear facilities....

        Oh, wait ... you were serious?!

      • Windows XP was a stable, hugely popular operating system that has had over a decade of bug and security patches. Give me XP over the latest xnix flavor any day.

        The thing is, there is essentially only one flavor of windows, despite the differently packaged and priced versions. And it is essentially an OS for end-users that privileges usability over security. They only step back from obviously bad security practices after it has become a widely exploited and publicized problem. (C: shared by default over SMB? Auto-run? The holes that windows 7 put to make Vista's annoying UAC policy less annoying?).

        Your latest ubuntu flavor may face similar trade-offs, but ther

    • Just because it's digital doesn't mean it has to be attached to the internet.

  • by SuperCharlie ( 1068072 ) on Monday May 30, 2011 @12:52AM (#36284084)
    South Carolina's Oconee Nuclear Station will replace its analog monitoring and operating controls with digital systems

    Chinese Military Admits Existence of Cyberwarfare Unit

    • EXACTLY. And as I pointed out below, Duke is the one that is massively in bed with Chinese.
    • by c0lo ( 1497653 )

      South Carolina's Oconee Nuclear Station will replace its analog monitoring and operating controls with digital systems
      Chinese Military Admits Existence of Cyberwarfare Unit

      No need to wait, they are already there [] since a long time ago. Save what you can... in this case, some costs. After all, a blender is $30 at Walmart and this is great for the nation (hint: second phrase of TFA).

  • by SeaFox ( 739806 ) on Monday May 30, 2011 @01:00AM (#36284124)

    ...hackers have been the reason digital systems haven't been adopted sooner.

    Here's an idea, let's not connect it to the Internet.

    • But what about when Homer wants to work from home in episode 135?

    • by kvvbassboy ( 2010962 ) on Monday May 30, 2011 @01:04AM (#36284140)
      AFAIK, Stuxnet was brought into the system through USB.
      • by SeaFox ( 739806 )

        If the attacker has physical access to the hardware, security is already out the window at that point.

        A USB-based attack would require the perpetrator to have as much access as the individuals using the current analog systems do now.

        • by yincrash ( 854885 ) on Monday May 30, 2011 @01:55AM (#36284400)
          not necessarily. you can use an existing employee as an unwitting vector by infecting an employee's pc who transfers work documents back and forth between work and home via usb key.

          so not just no internet access, you also need defined protocols for any media used

          • And why would a employee workstation that is insecurely configured (allowing external USB keys should be a huge no no) and that is exposed to external sources have any reason whatsoever to be connected to the digital mission critical systems running the plant?
            • It doesn't have to be. See stuxnet. Ihe Iranian network that was infected was completely isolated from the internet. Once the employee machines are quietly infect it sits and waits for more media to be inserted and it infects those then the media is carried by human to the "secure" network and .......
        • Re: (Score:3, Interesting)

          by Anonymous Coward

          Not really, it's been shown again and again that if you just drop off enough infected usb keys at an employee parking lot, during a morning or during lunch, that those employees will pick them up and naturally look up what's on those usb keys as soon as they get back in their office.

        • Hmmm I dunno, Off the top of my head I think one could just seed and employee parking lot with a few "FREE" USB flash drives. Whats the chance of an employee finding a USB flash drive in the parking lot and plugging it into an office computer when they sit down at their desk? 50%?
      • Then don't attach USB ports either.

      • by Raven737 ( 1084619 ) on Monday May 30, 2011 @04:15AM (#36284902)
        I looked up how Stuxnet works because it was relevant to my work and company (we use a lot of S7 PLCs on our production network).

        The original was now much more than a glorified backdoor. It would install itself but did not contain any directly malicious payload. It would try to connect back to attacker, then the attacker could send and execute any payload they wanted.

        It is likely the first payloads where used to identify priorities the attacked system (downloading source code etc). Then a malicious attack payload was specifically created to do the most harm and sent.

        It was a glorified backdoor because it could propagate by itself and had the components to detect and connect to, upload and hide code to PLCs.

        If it was installed by USB on a PC that was not connected to the internet then it would not have caused any direct harm since it wouldn't have been able to connect to the attacker.

        Anyway, of course you can design a variant of Stuxnet that can try to damage any PLC without prior knowledge (contain a malicious payload), but i doubt it would be very effective. Without knowing what a PLC does / is supposed to do, the damage by simply changing values would likely be minimal and be immediately recognized.
      • Which means there was a lot wrong with their overall security.

        It's perfectly safe to connect a USB key full of malicious software to a computer - as long as you do not run any software from that key! And you can only have software running from the USB key if 1) the OS allows this to begin with, and 2) the user (or OS - autostart or so) runs the software.

        It is only reasonable to assume that a properly secured OS does not allow autorun functionality, and maybe even does not allow software to be run directl

      • by bl8n8r ( 649187 )

        Initially, yes. But it used the LAN to replicate.

        "Stuxnet would first try to spread to other computers on the LAN through a zero-day vulnerability" []

    • by topham ( 32406 )

      That's getting more and more difficult by the day.

      There are other ways to get viruses onto a network.

      They are ways to get viruses onto secure networks that are, shall we say, unique.

      • by Sir_Sri ( 199544 )

        and if it's not connected to a network it becomes a very labour intensive task to push out updates to the systems to prevent against the viruses.

        Even if there is a whole internal network, that isn't connected to the internet all the modern computer security holes remain, and you either have to keep them all standalone - and update them all manually, or network them internally, update them all internally (as in, download updates by hand, transfer them to the appropriate internal network), you still need to

        • I think the real question is, why should nuclear power plant monitoring and control systems require a full-on desktop/server OS to run? Shouldn't they run things a little closer to the metal than that to reduce the number of pathways where things can go wrong, anyway?

          • Because of cost.

            Plain and simple.

          • The Siemens PLCs are managed by .... wait for it... WIndows software written by Siemens. IIRC months after the publication of Stuxnet and the Iranian infected PLSc from Siemens they still did not fix the vulnerabilities in their PLCs. The vendors that design the products have security as an afterthought. The power company is not smart enough to design such things as PLCs and control software etc. So they rely on commercial vendors such as Siemens and Microsoft. You know the rest.
        • Like in the old days when you had a cash register. All it did was be a cash register day in and day out without any problems. Currently most cash registers are cheap computers running complicated operating systems. The number of failure points is staggering.

          You want digital controls? That's fine. Design some hardware to manage those controls and then STOP. You won't have to worry about drive failures, locking down USB ports, operating system updates, people doing things they shouldn't....

        • by antifoidulus ( 807088 ) on Monday May 30, 2011 @02:51AM (#36284590) Homepage Journal
          and if it's not connected to a network it becomes a very labour intensive task to push out updates to the systems to prevent against the viruses.

          Maybe it is with windows with all that Microsoft Genuine advantage bullshit, but pushing out updates to Linux and OS X systems that are not connected to the Internet is pretty easy, i should know, i admined a huge network of them. Linux is probably the easiest. I just created a kickstart with the absolute minimum # of packages, used that as my base, and then put a copy of that system on the Internet to automatically download updates. All I have to do is periodically airgap the files(DVD works fine) over to the update server I set up on the LAN. All the machines just connect to that server and download their updates. Pretty damn simple. And if you are really hardcore, you can configure your machines to only download signed packages from trusted vendors(this is the default in RHEL for example). I spend maybe 15 minutes a week airgapping the things over... Now if you use that festering pile of insecure shit called Windows then you may have a point.
        • and if it's not connected to a network it becomes a very labour intensive task to push out updates to the systems to prevent against the viruses.

          But don't most viruses and worms come from the internet and from removable storage devices?

          If you took a computer and:
          1.installed an OS that allows file permissions,
          2.made the system drive read only for regular users (except the files that they have to change, for example, the profile directory and whatever files the software they use changes),
          3.disconnected floppy and DVD drives,
          4.disabled all unused ports,
          5.made the users sign an agreement not to connect any storage devices without obtaining permission,


    • Here's an idea, let's not connect it to the Internet.

      How else will they be able to outsource the monitoring to India?

      • Here's an idea, let's not connect it to the Internet.

        How else will they be able to outsource the monitoring to India?

        That adds a whole new dimension to help desks.

    • by c0lo ( 1497653 )

      ...hackers have been the reason digital systems haven't been adopted sooner.

      Here's an idea, let's not connect it to the Internet.

      Like the Iranian uranium enriching centrifuges were connected to the Internet?

      Or... what? Are they going to relocate microcontroller plants in US... or, for the reasons of costs, will be just produced in... a nation which has a 30-strong Blue Army commando [] (strictly for defense, of course. It's not likely they'll ever plant backdoors in hardware, isn't it?)? Something in TFA hints the second. Let me see if I can find it... here, just at the beginning:

      In a nation where a digital blender can be bought for about $30 at Walmart,

      I wonder where that $30 blender was made? In Toyota pla []

  • Hackers? (Score:5, Insightful)

    by Anonymous Coward on Monday May 30, 2011 @01:03AM (#36284136)

    Isolate the system, for Christ's sake. There's no reason that a system like this should have any connection to the Internet, any external access at all (except maybe read access for monitoring at home by the chief engineers or something), or -- and this is the part that people don't seem to get -- no freaking 802.11 access.

    I find it amazing that, working in the medical field, every hospital I walk into is at least partially dependent on wireless networks. (Hint: Send desync commands continually with an iPod -- network down.) But not only that, but they go through all these hijinks to make life suck for legitimate users, and miss obvious things like direct network access through Ethernet ports. I walked into a room a few weeks ago, and a kid had plugged his laptop into the hospital Ethernet and it was (I later verified) BEHIND the firewall. Another hospital used WEP encryption for its "official" network, and my laptop broke it in about ten minutes in a call room.

    You have all sorts of people working in administrative roles in these institutions that think security is defined as:
    1. Disable the Windows "run" command to piss me off.
    2. Don't allow me to click on the clock to see a calendar.
    3. Block web sites randomly for "security" reasons. (Hint: I'm a doctor. If I'm going to a web site I either have some legitimate reason to, or I'm goofing off because I have some critical patient that I'm stuck in the hospital with.)
    4. Throw up wireless networks with some idiotic click through screen before it will route anything, thus breaking every automated device on the market.

    Probably any of us on Slashdot could do a better job than some of these idiots.

    • Re:Hackers? (Score:5, Insightful)

      by buchner.johannes ( 1139593 ) on Monday May 30, 2011 @03:20AM (#36284672) Homepage Journal

      Isolate the system, for Christ's sake

      No, go further. Isolate all parts of the system. Only have well-defined 1-1 communication where you need it. I.e. no network where everything talks.

    • Re:Hackers? (Score:4, Interesting)

      by Anonymous Coward on Monday May 30, 2011 @03:23AM (#36284684)
      I can't comment on Points #1, #2, or #4, but I worked in a hospital network for several years and I can tell you that sites were blocked for very good reasons. Like the time we found out 40% of our internet bandwidth was being sucked up by internet radio,, Youtube, and Weatherbug (a few packets every few min is one thing, a few packets every few minutes from 10,000 computers going out the firewall at once for no good reason is something else). As for doctors needing stuff for legitimate reasons? Let me tell you about the Department head that got his team exempted from the internet filters because his team was too important to be second-guessed. We had to get a network tech to go down & muck out all the donkey porn popups every three days. This continued until the female network tech decided that she was sick of knowing what these elite doctors did with their hospital-provided computers & threatened to sue for a Hostile Work environment unless we either A) Re-Blocked the doctors or B) Stopped making the network techs clean up the computer (effectively making it unusable).
    • by Mashiki ( 184564 )

      Hell they shouldn't have any access at all. They should be in a ventilated, locked box, with no USB ports, no ethernet or wifi ports, and etc, etc, etc. But you know what? Sometime I give up. Stupidity really does win at the end of the day.

    • There's no reason that a system like this should have any connection to the Internet, any external access at all (except maybe read access for monitoring at home by the chief engineers or something)

      A webcam of the gauges, of sorts, at most. No direct outside connection at all.

  • I guess I was an idiot to assume things had already been digital for some time now...

    So what are they using right now then, a few vacuum tubes and clocksprings? Or do they have those newfangled "crystal" rectifiers and point contact transistors. (yeah, I know cave-tech and digital aren't mutually exclusive, give me a break ;) ).

    Just because there is no computer running the show, doesn't mean it isn't digital. I'm sure there must be some digital bits involved, no? Or is it just big fucking analog panel meter

    • ...enlighten me.

      Can it be any more obvious??
      "The goal of going digital is to save money."

    • by droopus ( 33472 ) *

      I found a pretty neat site [] that has a lot of cool pictures of what appears to be a modern Russian plant.

      In this picture [] we see the control panel and yeah, it looks like it is big fucking analog panel meters and red buttons. But there's a display [] that is obviously some sort of digital status..not sure if it's electrical or some valve array thing, but as OP said there is already apparently some digital already.

      • Redundancy.

        We have much the same on most oil rigs in the north sea.

        While the whole HMI system is computerized there is also a "Critical Action Panel" that contains hardwired safety functions.
        For example, you can trigger an "Abandon Platform Shutdown" from a single push button should the need arise. This button is independent from the computerized control system.

        For something as important as a nuclear plant I would sure hope they have hardwired redundancy for the important functions.

      • The digital screens poke up above the level of the control panel. The rest of it is laid out with absolute perfection. This suggests the possibility that the computerised section is a later addition.
    • Re:Really? (Score:5, Informative)

      by MyFirstNameIsPaul ( 1552283 ) <> on Monday May 30, 2011 @01:36AM (#36284320) Homepage Journal
      I was and electrician in the Naval Nuclear Power Program from 94-00 and they used hardly any digital anything. Motor controllers were made up of relays. Voltage regulators worked on saturated cores and such. Even the control rods were moved using AC or DC motors, depending on the plant. It seems hard to believe, but nuclear power is a technology from the 50s. The USS Nautilus, the first nuclear powered submarine, was launched in 1954, which I find amazing that 57 years ago they had nuclear power plants that could operate a ship while underwater, and that ship wasn't decommissioned until 1980. Yes, for alarms there are mostly just various things that trip relays such as thermocouples, pressure switches, salinity cells, etc. If you understand how the plant works, it's easy to see how it doesn't require anything digital to run. However, you could definitely save some serious cash in manpower by automating things.
      • by mirix ( 1649853 )

        Interesting. I understand it is possible to do it more or less manually, I just had assumed pieces here and there had been slowly modernized over the years.

        Then again with the level of bureaucracy involved, it probably takes the lifetime of a plant to get new parts approved anyway.

        • It is hugely expensive to modify plants.
          It is much cheaper to actually build a new plant...

          If only companies were allowed to build new plants on the condition that they shut down the old nasty ones... meh

      • Re:Really? (Score:4, Insightful)

        by countertrolling ( 1585477 ) on Monday May 30, 2011 @01:46AM (#36284362) Journal

        you could definitely save some serious cash...

        Yes, and the article made that perfectly clear:

        "Those utilities need to keep those plants running. To have unplanned outages as a result of an analog system isn't doing what we need it to do — that's a financial risk..."

        It has nothing to do with such frivolous things like safety

    • Oconee was the first of three nuclear stations built by Duke Energy. According to Duke Energy's web site, the station has generated more than 500 million megawatt-hours of electricity, and is "the first nuclear station in the United States to achieve this milestone."[2]


      First unit came online in 1973, so they probably started building in 1968, using plans that were finalized by very conservative senior engineers in 1963 at the latest. These guys at this time would have regarded PLC's as bleeding

    • Just because the rest of us use digital controllers, doesn't mean that everyone does.
      Process control suppliers such as Foxboro spent decades building analog loop controllers. Yes, they are used in big panels full of big analog gauges with actual knobs to set the setpoints and gains etc.
      I had the joy of working in a cement factory in 1982. It had a control room packed with analog Foxboro stuff. There was also a PDP-8 computer, but it didn't do anything to run the plant; it was used to compute batch ingredi
    • From TFA:

      The goal of going digital is to save money. Most systems in a nuclear power plant are monitors with four sensors. If two of them have out-of-whack readings, engineers often have to "trip" the plant, or shut it down, until the problem is resolved. ...
      Unlike a human engineer, who can only take in one measurement at a time from one instrument, the digital system takes in thousands of readings at any moment. The computer can instantly figure out if a sensor is broken and ignore it.

      So, I guess the system there is that every sensor is connected to a gauge and/or an alarm relay. There are four sensors for each parameter that is monitored, so if one of them goes bad you can know that it's the sensor (since the other three provide normal values). Because a nuclear power plant uses a lot of sensors, they go bad all the time and if two sensors for the same parameter go bad, the plant has to be shut down (since it could also mean that the parameter is abnormal and the other two sens

  • by WindBourne ( 631190 ) on Monday May 30, 2011 @01:16AM (#36284206) Journal
    Duke energy is the one that is working CLOSELY with China (they are more chinese than is GE). My guess is that these controls will come from them. As such, it will be VERY prone to control by them at the worst possible time.
  • I'm sure this will work out just fine. []

    As digital a geek as I am, I actually downgraded my pool. The garbage "computers" [] I''ve had foisted upon me by pool guys are absolute crap. So I pulled all the expensive valve actuators [] and run it by turning valves, and backwashing manually.

    I love tech and all the things I do and can do with it. But sometimes, simpler and analog works.

  • is much less of a danger in this case I think. You couldn't convince a dedicated, highly paid engineer to endanger a digital system any more easily than you could convince him to endanger a system based on analog controls. These aren't bored medium waged desk workers, they are among the world's best educated and most aware of the systems they control. I think it wouldn't take a huge amount of effort to train them on how to keep the systems isolated.
  • You know, when I wrote software for a nuclear reactor in 1977, it was definitely on a digital computer, albeit a PDP11 in FORTRAN.

  • next-gen plant that'll run for 50 years, cost less and be safer

    • Nitpick: next-generation designs are meant to run for 60-80 years, then be refurbed to run for 100-120.

      (if current experience holds, they'll then be refurbished once more and ultimately run for 150-200)
  • ... the german Government just decided yesterday to finally abandon and decommission all nuclear power by 2021. That's in 10 years. We'll be having a little extended backup reserve of 3 nuclear power plants, but their countdown has begun already.

    With regular nuclear power, we are now talking about a technology that Germans considers unmanageable, safety wise. You might want to ponder that for a minute.

    I for my part am glad that our current conservative government has finally gotten a clue (25 years after Chernobyl, none-the-less), also due to recent problems with our 'eternal' nuclear dump sites.

    Nuclear, as of current state of technology, is a bad idea. There is no fucking way that *anybody* can take over responsibility for 50 000 years worth of deadly toxic waste. Anyone who thought that needs a clobbering.

    • by serviscope_minor ( 664417 ) on Monday May 30, 2011 @03:09AM (#36284640) Journal

      I for my part am glad that our current conservative government has finally gotten a clue (25 years after Chernobyl, none-the-less),

      so you're glad that your government decided to dump the electricity generation technology that has the fewest deaths per Joule, better than the next nearest by a factor of 10?

      Going for deaths over bad publicity is your idea of getting a clue?

    • Nuclear, as of current state of technology, is a bad idea. There is no fucking way that *anybody* can take over responsibility for 50 000 years worth of deadly toxic waste. Anyone who thought that needs a clobbering.

      I am glad some of those older plants get closed, but even more glad that further research isn't going to stop, and that quite a few other countries still see a future for nuclear power. It'd be better if we had something safer and cleaner to meet our energy needs, but that's a long way off, a

    • Re: (Score:3, Insightful)

      by lordholm ( 649770 )

      Maybe, you need to compare the alternatives though. IF the German government have a realistic idea of how to compensate for the loss of 30% of their energy production, by all means go ahead. Otherwise, Germany will need to import and compensate for the loss by laying more cables to Sweden, Poland and France.

      Sweden can only sell energy during the summer, and then 30 % will be from nuclear, France will sell energy but something like 80-90% will be from nuclear and Poland will happily deliver coal based power.

    • So, how will Germany generate the power that the nuclear power plants provide now?

  • by gearloos ( 816828 ) on Monday May 30, 2011 @03:02AM (#36284618)
    Well, being an Power Systems Controls Engineer at a major utility, I can tell you we already do analogs via a digital stream. The protocol of choice is DNP. It is a standard That also accepts the analog transducers used for the last 50 + years. I don't actually see why this is worthy of a story. The bigger story is how all of the utilities are going to adapt to the latest NERC-CIP regulations and adapt to "secure" versions of the various protocols. Things like secure DNP and a secure version of 61850.
  • by notany ( 528696 ) on Monday May 30, 2011 @03:12AM (#36284648) Journal

    The biggest problem with digital I&C is the “software common cause failure issue"

    Imagine modern nuclear plant with multiple-channel redundancy in instrument and control systems, if one instrument fails, there are others. Same applies to whole cooling systems, if one cooling system fails, there are other completely independent systems that continue to work. Typically redundant systems use instruments from different manufacturers or instruments that are implemented with different technology.

    This is not possible for digital systems because they are too costly to implement multiple times. What this means is that redundant digital control systems use same software. If one system fails because of software error, others may follow. This has already happened in German nuclear plant that had new digital system installed. Only the old analog system that was still operational saved the reactor.

    This is why Finnish radiation and nuclear safety authority required changes in Areva's plans for the most modern nuclear reactor being build, Olkiluoto 3. They added analog safety requirements. Reactor must be able to shout down even when digital I&C has total failure. Relying for all digital systems compromises redundancy.

    More info: [] []

  • The "digital" portions of most instrumentation sit on top of the analogue loop. They were designed to give you the exact same thing you had + diagnostics and early fault prediction. Instruments which could not only give you 4-20mA but tell you that if you don't attend to them then within the week there's a good chance you'll get 3 or 25mA out of them and your control system spits out NaN.

    Reliability wasn't getting in the way of the upgrade, $2bn was. There's not an industrial plant in the world that wouldn'

  • by inthealpine ( 1337881 ) on Monday May 30, 2011 @09:40AM (#36286066)
    Don't network any of the systems. That's it. Problem solved.
    Watch the first season of Battlestar Galactica and you have a design model for the cost of a netflix subscription.

"I have not the slightest confidence in 'spiritual manifestations.'" -- Robert G. Ingersoll