The security breach took place in July, when 'one or two' personal computers in temporary construction offices at Sizewell became infected. An engineer who was working under contract at the Suffolk site has been sacked for bringing in code without running it through an anti-virus checker. This would have spotted the 'Yankee' virus involved.
Such checks have been standard for more than a year for all software entering the Nuclear Electric sites. A spokesman said yesterday: 'We wouldn't want to infect the networks linking the sites of a company the size of Nuclear Electric . . . that could cause absolute chaos.'
He said the company was concerned that its security procedures had been violated, but that there was 'absolutely no association' between the stand-alone word processing systems which became infected and the primary protection system for the plant.
The Government's nuclear safety watchdog, the Nuclear Installations Inspectorate, is examining the integrity of all Sizewell's computer systems.
It has sought assurances from Nuclear Electric, which runs the site, that viruses could not infect the computerised protection system designed to shut down the plant in an emergency. Sizewell B, due to open next year, is the first nuclear power plant to rely so heavily on computerised shut-down.
The spokesman for Nuclear Electric said yesterday it would be 'impossible' to put a virus on to the protection software, since this is written in a form that effectively locks it away from outside interference. During maintenance, certain parameters on the software can be checked, but its basic code cannot be altered.
However, the Health and Safety Executive has said that the possibility that unauthorised code could be introduced into the primary protection system's software is 'a legitimate question and one which we have pursued as part of our technical assessment of the safety case'.
A report in today's issue of Computer Weekly says the incident in July came to light after a prominent local campaigner against Sizewell received an anonymous telephone call. He wrote to the Health and Safety Executive, which said it was aware of the intrusion.
The executive replied that it was 'highly unlikely that any unauthor ised code would remain undetected' if introduced into the plant's primary protection system, perhaps as the software was being written or during its subsequent use. 'We have yet to complete our assessment of the safeguards provided against such events, but we expect to reach a satisfied conclusion,' the letter states.
Richard Ford, editor of Virus Bulletin, said systems other than those running on personal computers would be very difficult to infect. 'One would hope that they wouldn't be running anything mission-critical on a personal computer. This is not going to do anything for public perception of security at Sizewell, but then you might expect less security on, say, a typing pool computer than on a system controlling the position of fuel rods.'
He said the intrusion was cause for concern, but said 'Yankee' was a simple, parasitic virus that was not particularly serious. However, virus software is usually very badly written, so its effect in a computer system is hard to predict. The 'Yankee' virus could corrupt files and cause a system to crash.Reuse content