Marina Krotofil's presentation on how to hack a chemical plant and it's implication to actual issues at a nuclear plant

Oct. 30, 2015

Marina Krotofil's presentation on hacking a chemical plant focused on the vulnerabilities of the process and control design. One of Marina's slides was about compromising operator displays by addressing sensor signal processing filters. An intentional change in the signal processing filter resulted in a nuclear plant operating in an unsafe condition and the operators were unaware

There have a number of very interesting presentations at this year's ICS Cyber Security Conference. I will provide some observations on selected presentations over the next few days. I wanted to start with Marina Krotofil's presentation on hacking a chemical plant. It was a very interesting presentation because it was about how to cause physical damage to a chemical plant by focusing on the vulnerabilities of the process and control design not the traditional cyber pathways. One of Martina's slides caught my attention. It was about compromising operator displays by addressing sensor signal processing filters. Many years ago (long before I was working on cyber security), I was working on a flow-induced vibration monitoring problem affecting an entire product line of nuclear plants. The vibration had caused a physical problem - significant damage to the nuclear fuel system at a plant. The indicator of this physical problem was a vibration resonance indicated by the plant's in-core instrumentation recorders. Consequently, the recorder information was important as it was the only indication of the problem and the plants' would reduce power to avoid operating in this regime. Two “identical” nuclear plants reported to the plant vendor that one plant had the vibration problem and was operating accordingly while the other “identical” plant did not have the problem and was operating at full power.  What I discovered was that BOTH plants had the flow-induced vibration issue. However, one chart recorder had indicated the problem while the chart recorder on the other plant had the chart filter altered to eliminate the higher frequency noise in the signal that was indicative of the flow vibration. This resulted in the “filtered” plant operating in an “unsafe” condition and the operators were unaware.