
A nuclear reactor in Indiana has gone all-digital, could mark a turning point - pseudolus
https://www.businessinsider.com/first-us-nuclear-reactor-all-digital-controls-online-indiana-2019-7
======
java-man
NONE of the current software is designed for security. I mean, NONE.

At the OS level, none of the OSes use a memory-safe language, and they are therefore
prone to buffer overflow, stack overflow, use after free, and so on. Yes, some
RTOSes may have additional protections, but none (at least known to me) have
memory safety as the prime design directive.

On the application level, most of the cryptography comes from OpenSSL and
similar projects. Remember Heartbleed? This illustrates that a long-running,
open source component that powers most of the current infrastructure can have
glaring holes (whether intentional or not).

The same can be said about hardware - Intel ME and the like. Rowhammer.

I really would like to see (and, er, participate in) an effort to build an
OS/HW system where security is the primary design goal. Is it even possible?

------
DocTomoe
I certainly hope all those systems are tightly airgapped.

I also hope you can SCRAM that reactor even though the system is currently
bluescreening.

~~~
java-man
I just hope the UI is not designed like that which caused the missile alert in
Hawaii some time back...

