Case Profile: TVA/Browns Ferry


On August 19, 2006 operators at Browns Ferry Nuclear plant had to “scram” the reactor due to a potentially dangerous “high power, low flow” condition. Redundant drives controlling the recirculating water system failed due to “excessive traffic” on the control network. Network traffic between two different vendors’ control products was the likely cause. The facility remained offline for 2 days.

Cause of incident

Improper, excessive traffic on the control network.

Cost impact

Estimated $600K in lost revenue; additional incidental costs are unknown

Why Tofino would have helped

This incident appears to be a result of poor or non-existent separation between subsystems, a very common situation in control networks. By dividing the control network into zones, and routing all communications between zones through a Tofino Security Appliance, strict rules can be enforced that define what traffic is allowed to pass between zones. Any traffic that does not match the rules is immediately blocked and reported to the Tofino Configurator.

Download PDF Case Profile

Learn more about Network Threats