German Nuclear Plant Infected With Computer Virus (reuters.com) 87
archatheist shares a Reuters report: A nuclear power plant in Germany has been found to be infected with computer viruses, but they appear not to have posed a threat to the facility's operations because it is isolated from the Internet, the station's operator said on Tuesday. The Gundremmingen plant, located about 120 km (75 miles) northwest of Munich, is run by the German utility RWE. The viruses, which include "W32.Ramnit" and "Conficker", were discovered at Gundremmingen's B unit in a computer system retrofitted in 2008 with data visualization software associated with equipment for moving nuclear fuel rods, RWE said.
Re: (Score:2)
That's odd. Why is that crane running itself? And why is it piling all the fuel rods in one big critical ma.......
Re: (Score:2)
Yes. Because, of course, with increased radiation levels, the viruses will mutate at an accelerated rate and will soon be shedding from the site uncontrollably. Can I copyright this plot before Stan Lee steals it?
Not (Score:3)
Running a nuclear plant on Windows? (Score:2)
Re: (Score:1)
OS/2 Uranium Edition?
Re: (Score:2)
No, they've already gone through OS/4, OS/8, and OS/16. It's been a while.
Re:Running a nuclear plant on Windows? (Score:5, Interesting)
I gave up after OS-9
OS-9 [wikipedia.org] was/is a great OS. I used it to run a full multi-user multi-tasking system (with preemptive multi-tasking) on my Tandy CoCo back in the day (with 256kB of memory!), and also used it in many industrial embedded systems using a 68K.
Perhaps you are thinking of OS 9 [wikipedia.org]?
Re: (Score:2)
*I* remember. But many people were confused over the OS-9/OS 9 naming.
Re:Running a nuclear plant on Windows? (Score:4, Interesting)
OS-9 [wikipedia.org] was/is a great OS. I used it to run a full multi-user multi-tasking system (with preemptive multi-tasking) on my Tandy CoCo back in the day (with 256kB of memory!), and also used it in many industrial embedded systems using a 68K.
I second that; although I didn't know it would run on a CoCo. I worked at a summer job in 1989 as a technician at XYZ Corp., who made primarily OS-9 based industrial control boards. I remember writing a C-Compiler for their 68K board just for fun that produced "ROM-able" code. Incredible multitasking support in OS-9. I grew to really like that OS.
Re:Running a nuclear plant on Windows? (Score:4, Funny)
Windows machines are world famous for both stability and security. Over a billion devices can't be wrong!
Re: (Score:2)
I think green or red is the right color there.
Re:Running a nuclear plant on Windows? (Score:4, Informative)
Windows doesn't run nuclear power plants. Windows displays a HMI that allows operators to interact with a specific control system with specifically custom coded control routines which run nuclear power plants. Nothing against that in the license.
Now that that misconception is out of the way, please tell me what I should run instead of Windows, then tell me which manufacturer of industrial control systems offers such a product. Every major manufacturer of industrial control systems switched to Windows many years ago for their HMIs, more recently even back end servers have switched to Windows too.
Re: Running a nuclear plant on Windows? (Score:1)
Because when you spend hundreds of millions of dollars on a plant like this you have no leverage over the suppliers at all?
Re: (Score:3)
Yep exactly. You and the power industry would like to think otherwise, but control systems even Nuclear 1E certified systems are almost commodity and are just standard industrial control systems with a piece of paper attached from the school of thought of making one device that does everything is cheaper.
The nuclear industry doesn't have leverage. Heck downstream oil/gas doesn't have leverage. These are markets that aren't dominated but are outright owned by chemical / upstream. Unless you place an order of
Re: (Score:2)
> Windows doesn't run nuclear power plants. Windows displays a HMI
> more recently even back end servers have switched to Windows too.
Have your cake and eat it too?
Re: (Score:2)
I don't disagree with what you say but IT has shown to not be qualified in the past too. Well not all IT but certainly some working in it. I have walked in behind people and saw servers wide open to the internet with no root password, little to no attempt at disabling unused services or closing unused ports, no virus protections, and enough IE popup Windows open that it creates a 10 minute delay on the desktop trying to access anything. Of course I was called in because they had enough of restarting the
Re: (Score:2)
is there a 418.1 "I am a nuclear reactor" status code?
Re: (Score:1)
Nope, but there is an "LP0 melting down" error code.
Re: (Score:2)
You called for it:
Windows NT crashed.
I am the Blue Screen of Death.
No one hears your screams.
- Peter Rothman
http://baetzler.de/humor/haiku... [baetzler.de]
Re: (Score:3)
Yea, it sounds like total bullshit. Why would the software in the planes be copying a bunch of files off of every phone that is plugged in to recharge, and then writing all those files blindly onto every subsequent phone that was plugged in? That would obviously be utterly insane, but I don't see any other way to read that paragraph, and I find it hard to believe.
Re: (Score:2)
Maybe....
It's possible that virus on infected device causes it to write any attached media. Maybe the plane shows up as mass storage. Next victim device comes along and attaches the plane as storage. This device does some brain dead autorun type BS and gets infected.
Re: (Score:2)
Maybe the plane shows up as mass storage.
Never underestimate the bandwidth of a 747 full of hard drives?
Re: (Score:1)
The fundamental question would be "why does the plane have a USB port?"
Chances are there's some reason for that, and if it's to load updated software or retrieve logs well that would presumably involve copying/writing files to the thing you plugged into it.
If you plug a phone that presents as a mass storage device into the port that the technicians routinely plug a USB stick into for some maintenance reason...
Re: (Score:2)
Why does the charger even pass data??
Re: (Score:1)
It's not a charger, it's a USB cable. The same cable you use to copy files between your phone and PC. Maybe this should inspire designers to return to the old legacy of having a dedicated power port and a dedicated data cable, but such designs would not sell after the populace has had the convenience of one-cable systems.
Re: (Score:2)
From the article:
a European aircraft maker that said it cleans the cockpits of its planes every week of malware designed for Android phones. The malware spread to the planes only because factory employees were charging their phones with the USB port in the cockpit. Because the plane runs a different operating system, nothing would befall it. But it would pass the virus on to other devices that plugged into the charger.
How does that even make sense?!? What is running on the charger for it to spread the malware?
The so-called "charger" would simply seem to be a USB port on a computer in the cockpit. Still I can't say as to how this malware uses this setup in order to propagate itself given that TFS says the original OS is not affected.
Re: (Score:2)
I bet they are talking about the Airbus Navaero electronic flight bag (EFB) system. It's a standalone add-on system with a large touch screen used for electronic charts, manuals and performance calculations, separate from the actual airplane systems. It can receive certain information from the Flight Management System (airplane and flight ID, GPS position) but as far as I know cannot send anything back. At least I hope it can't. We certainly have to copy the performance data from the EFB into the FMS manual
Because it's Germany (Score:1)
I must ask...
Were they falsifying power-plant emissions?
Re: (Score:1)
If you don't count the tons of radioactive waste they produce.
Re: (Score:1)
Not to mention they're the reason why so many old reactors are having their lives extended. We can't build new, safer ones because "nukes are dangerous".
Re: (Score:1)
In fact, eat a staggering pile of shit.
What kind of advice is that, do you know how much radiation a pile of shit emits?!
Re: (Score:1)
Most of the manufacturers caught manipulating emissions so far were not German...
No. No. No. (Score:5, Insightful)
"As an example, Hypponen said he had recently spoken to a European aircraft maker that said it cleans the cockpits of its planes every week of malware designed for Android phones. The malware spread to the planes only because factory employees were charging their phones with the USB port in the cockpit.
Because the plane runs a different operating system, nothing would befall it. But it would pass the virus on to other devices that plugged into the charger."
Okay for a system to spread a virus it must execute code...
So does this mean that F_Protect have no idea what they are doing or are they just spreading FUD?
Re: (Score:2)
" Like when you plug in a storage device it automatically runs scripts on the filesystem"
That is executing code on the system...
Re: (Score:2)
It depends what the aircraft USB ports are configured as. Rather than acting as hosts, they might be acting as mass storage or MTP. Ideal for uploading updates to flight and navigation data.
Having said that, it does sound suspicious. Android malware is pretty rare and since most people don't root their phones or enable unknown sources, and Google is proactive about deleting it.
And you would think anyone with access to aircraft systems could control the urge to charge too.
Re: (Score:2)
Then your Android phone must support OTG and the next device that you plug in that gets infected must also support OTG and for some really odd reason copy the file from mass storage all on its own and run it.
In other words?
Huhhhh?
logic fail (Score:2)
The proposition "not to have posed a threat" does not seem to follow from the combination of "found to be infected" and "isolated from the Internet".
Were the computers isolated from the control board of the nuclear power station? That's the important question.
Re: (Score:2, Informative)
Yes, the fuel transfer equipment is basically cranes and such to move the fuel in and out of the plant and into spent fuel pools. It has nothing to do with the control board which controls the reactor.
Re: (Score:1)
Oh, thank god, I mean, it's not like you could use the cranes that move fuel in and out of the plant to cause any havoc with radioactive material, right?
Re:Conficker??? (Score:5, Informative)
The systems were set up in 2008. They probably do run Windows XP.
And don't forget that most industrial control systems are not modified after installation. Vendors are notoriously reluctant to support any changes at all, including basic OS updates.
My employer has equipment connected to unpatched XP SP1 systems because the vendor won't support anything else, and the organization is not willing to spend $200K+ to replace machines that are doing their jobs.
They are standalone systems because of issues exactly like this one. If someone took an infected file over, it would be a long time before we noticed. There is no value in traditional antivirus without signature updates---which might be a consideration if the vendor supported it with antivirus in the first place.
This is what a lack of competition looks like. They don't have to support basic security measures because there are only one or two other companies in the world that make comparable equipment, and they offer the same level of support. So our security is screwed until the government decides to regulate it.
And never mind all the man-hours we waste doing data transfers to/from these systems. That's just a cost of doing business.
Re: (Score:2)
The problem with security patches is that you then need to re-certify the system. For a nuclear plant or other complex system that is going to be expensive, and next month there are a load more updates so you have to start from scratch again.
What's really worrying is the lack of physical security and appropriate software policies. On Windows you can block access to USB ports with a group policy, for example. The ports should be physically blocked anyway. As usual, it's a procedural and management issue.
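Added example (not part of the comment above and not any vendor's tooling): an offline check of a `reg export` dump from a standalone host, reporting whether USB mass storage is blocked by the disabled `USBSTOR` driver or by the removable-storage "deny all" policy. The registry paths are the standard Windows locations; the two sample exports and the function names are constructed for illustration.

```python
import re

# Real registry locations; the sample exports below are constructed for this example.
USBSTOR = r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\USBSTOR"
POLICY = r"HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\RemovableStorageDevices"

def parse_reg(text):
    """Parse `reg export` text into {KEY_UPPER: {value_lower: int}}, DWORD values only."""
    keys, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1].upper(), {})
        elif current is not None:
            m = re.fullmatch(r'"([^"]+)"=dword:([0-9a-fA-F]{8})', line)
            if m:
                current[m.group(1).lower()] = int(m.group(2), 16)
    return keys

def audit_usb_storage(text):
    """Report whether USB mass storage is blocked by driver state or by policy."""
    keys = parse_reg(text)
    start = keys.get(USBSTOR.upper(), {}).get("start")
    deny_all = keys.get(POLICY.upper(), {}).get("deny_all")
    result = {
        # Start=4 means the usbstor driver service is disabled (3 = load on demand).
        "driver_disabled": start == 4,
        # Deny_All=1 is what "All Removable Storage classes: Deny all access" writes.
        "policy_deny_all": deny_all == 1,
    }
    result["blocked"] = result["driver_disabled"] or result["policy_deny_all"]
    return result

# Constructed sample: default workstation, USB storage loads on demand, no policy.
SAMPLE_OPEN = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\USBSTOR]
"Start"=dword:00000003
"Type"=dword:00000001
'''

# Constructed sample: hardened HMI host with the driver disabled and the policy set.
SAMPLE_LOCKED = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\USBSTOR]
"Start"=dword:00000004

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\RemovableStorageDevices]
"Deny_All"=dword:00000001
'''
```

Neither setting covers non-storage USB device classes such as keyboards, which is where the comment's point about physically blocking the ports still applies.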
Re: (Score:2)
This is what a lack of competition looks like.
Not at all. There's quite heavy competition in the control system market, both for small SCADA systems, mid sized PLCs, and large DCSs. What you're seeing here are architectural effects at work.
What's the point of securing a system on the OS level when the vendor recommends a heavily tiered network architecture combined with physical security that doesn't even expose ports of a PC? This here is a result. Malware which did nothing, though chances are if the vendor's recommendations were followed they wouldn
Nuclear Plants Running on Windows (Score:2)
Re: (Score:2)
Erm, perhaps "It's not yet the year of Linux", but hang in there, maybe next year.
I'm sorry; how is that germane?
Nuclear Plant Infected With Computer Virus? (Score:1)