ML033360568
| Person / Time | |
|---|---|
| Site: | Davis Besse |
| Issue date: | 11/19/2003 |
| From: | Grobe J NRC/RGN-III |
| To: | Blanch P - No Known Affiliation |
Text
November 19, 2003
Mr. Paul M. Blanch
[ADDRESS DELETED UNDER 10 CFR 2.790(a)]
Dear Mr. Blanch:
In your August 20 and 21, 2003, e-mails to me, you raised several questions regarding numerous news articles that had been published about the slammer worm infecting the Davis-Besse Safety Parameter Display System (SPDS) last January. Specifically, you requested to know if the news articles were accurate, if Davis-Besse had reported the virus to the NRC at the time, and whether there were any requirements to report failures of the SPDS to the NRC.
Based on our reading of the news articles, they appear to be accurate. Davis-Besse was not required to report the virus attack to the NRC because the SPDS was not lost for more than 8 hours. The SPDS was unavailable for a total of 4 hours and 50 minutes. Had the system been unavailable for more than 8 hours, a report to the NRC would have been required.
The infection of the Davis-Besse SPDS was the subject of an Information Notice (IN) sent to all power reactor licensees on August 29, 2003. This IN described the details of how the plant computer became infected, the duration, and the corrective actions taken by Davis-Besse to correct the problem and prevent recurrence. As stated in the IN, Davis-Besse implemented the following corrective actions: (1) required network services to document all external connections to internal network, (2) installed the security patch for the Microsoft SQL Server 2000 vulnerability, (3) installed a firewall between the plant network and the corporate network, (4) established a requirement to monitor and filter the data coming into the plant network to the same standard as the corporate firewall, and (5) implemented a process for computer engineering personnel to review security patches for systems supported and install them within an acceptable time frame.
In addition, this issue was also of interest to Congressman Markey. Our response to the Congressman was sent on October 2, 2003, and is publicly available at the NRC's Public Electronic Reading room under ADAMS Accession number ML032470817.
Should you have any questions, please contact me at (630) 829-9637.
Sincerely,
/ RA /
John A. Grobe, Chairman
Davis-Besse Oversight Panel
Docket No.: 50-346
DOCUMENT NAME: C:\\ORPCheckout\\FileNET\\ML033360568.wpd
To receive a copy of this document, indicate in the box: "C" = Copy without attachment/enclosure "E" = Copy with attachment/enclosure "N" = No copy
| OFFICE | RIII | RIII | RIII |
|---|---|---|---|
| NAME | MPhillips:ags | CLipa | JGrobe |
| DATE | 11/04/03 | 11/17/03 | 11/19/03 |
OFFICIAL RECORD COPY
P. Blanch Distribution:
DB0350