Overview[]
In January 2003, the Davis-Besse nuclear power plant in Ohio was infected by the Slammer worm (also called W32/ SQLSlam-A or Sapphire). Slammer spread rapidly to computers across the internet by exploiting a vulnerability in the Microsoft SQL 2000 database server software. The worm scans and sends itself to random IP addresses; if it reaches a machine that is running Microsoft SQL 2000, it infects that machine and begins scanning and sending itself anew.
Slammer found its way to Davis-Besse by first infecting a consultant's network. From there it infected the corporate network of First Energy Nuclear, which operates the plant. First Energy Nuclear's corporate network was connected directly to a supervisory control and data acquisition (SCADA) system at Davis-Besse so that it could remotely monitor the plant, without any type of firewall. Once on the corporate network, Slammer could thus make the jump onto the SCADA system.
It then generated a large amount of traffic that overwhelmed the system. The safety parameter display system (SPDS), which collects and displays data about the reactor core from the coolant systems, temperature sensors and radiation detectors, was unavailable for almost five hours. . . .
A patch for the Microsoft SQL 2000 vulnerability, which had been released six months earlier, would have prevented infection by Slammer, but neither the corporate network nor the SCADA system had been patched.