Case Profile: TVA/Browns Ferry
Summary
On August 19, 2006 operators at Browns Ferry Nuclear plant had to “scram” the reactor due to a potentially dangerous “high power, low flow” condition. Redundant drives controlling the recirculating water system failed due to “excessive traffic” on the control network. Network traffic between two different vendors’ control products was the likely cause. The facility remained offline for 2 days.
Cause of incident
Improper, excessive traffic on the control network.
Cost impact
Estimated $600K in lost revenue; additional incidental costs are unknown
Why Tofino would have helped
This incident appears to be a result of poor or non-existent separation between subsystems, a very common situation in control networks. By dividing the control network into zones, and routing all communications between zones through a Tofino Security Appliance, strict rules can be enforced that define what traffic is allowed to pass between zones. Any traffic that does not match the rules is immediately blocked and reported to the Tofino Configurator.
