
Lessons Security Systems Architecture Need To Learn From The Nuclear Industry - Rick Trotter

BSides Newcastle · 49:11 · Published 2023-12

Thanks very much, everyone. Um, it's really awesome to be here when I'm not freezing my butt off and I can actually feel my toes. Uh, I think last time I was speaking here at BSides it was the first year through and, um, show of hands who was there for that one? You brave people, you've actually managed to get through without frostbite, that's awesome. Um, today I want to kind of, um, uh, take a little look through. It's, I was just saying, it's really interesting that, um, some of the, the conclusions that, um, some of the guys came with the talks this morning, um, kind of head in the same direction that, um, I'd planned for my talk today, so, um,

that's either really encouraging or we're all heading down the weird path and, um, we need to start readdressing that. Um, but who am I? Um, I'm Rick. Um, I've got the pretentious title of lead cloud operations specialist. Um, I work for a consultancy, so you can imagine they like to give pretentious titles 'cause, um, it brings in the dollar. Um, I am older than the internet. I know I don't look it, it's my youthful gingerism. Um, I'm the last of the Generation X, um, before we started, um, sliding on the Y path. Um, I'm a veteran of multiple different, um, incidents of critical systems. Um, I work in the clouds and currently I look after some critical

national infrastructure for Scotland. Not in the nuclear industry, I just happen to like tinkering with physics. So if I was to say to you, what's your perception of a nuclear worker, what's the sort of thing that comes straight to mind? I, I wonder, you know, what, what sort of things, you know, radiation suits, um, you know, crazy people, and I guess, um, that yes, pretty much the entire industry is now rattled around, um, to come up with the idea that Homer Simpson is your typical nuclear worker. Um, this will be a, uh, talk with some audience participation, so I hope you got your voices ready at some points. Um, when we're talking about nuclear incidents, um, we have an international

scale. Um, this one goes from being, uh, that's not too bad, uh, there's a bit of paperwork to sort out, to oh God, half the planet's on fire. Um, so, um, bear this in mind when we start going through, um, some of the scenarios that we've had and, uh, what that's actually meant. Um, I'm going to relate four incidents, um, in the history of the nuclear industry, um, the lessons that we've learned from those, the changes that happened in the nuclear industry and the bearing that it has on IT systems. Uh, and I'm going to wrap those around four different concepts for what a business could be, from small companies through to enterprises. And for our first one, the startup, which

um, looks at having to learn as we go, we go all the way back in time to Windscale. How many people here have heard of Windscale? One, two, three, four, good grief, more than I was expecting. You see, I'm, I was expecting all of you to be in here so I wasn't expecting to know what it is. Windscale, um, is now, um, called Sellafield. Um, the original one was, um, built early days to kickstart the nuclear industry in the UK. It is the first and worst nuclear incident that we have ever had in the UK. Um, it is terrifying that we didn't end up with, um, a worse environmental disaster, um, and you will be surprised to

know that they have not actually decommissioned the molten mess that is, um, the pile, uh, and that's not actually going to be completed and, well, they said 2037 but the, um, the, the guys are, are reckoning it's going to be in the 2040s. Um, what was it put together like? Well, this was a, um, first generation nuclear reactor, so a bit like the Manhattan Project, you got a big chunk of graphite, um, and you throw some nuclear, um, fuel into the damn thing. And, um, an interesting one that the, the UK decided to do was they didn't want to water cool it 'cause they'd seen some problems with, um, an American reactor that was very much

the same, big 50 foot pile of graphite, loads of fuel loaded into it, uh, and the Americans were having problems with some cooling, uh, and the thing getting too hot and potentially hitting, uh, a nuclear meltdown point. So the UK went, ah, we're not going to water cool it 'cause if we lose water the thing's going to burn to the ground, we'll air cool it. So we'll put some ruddy great fans at the front of it and then we'll force air through it to cool a thing. Now you might notice from here, here, but on this diagram there's nowhere that actually seems to be pulling energy out. There's no turbines, there's nothing actually, um, generates electricity. Why is

that? Well, it was to kickstart the nuclear industry program, but it wasn't actually to generate electricity. And you kind of think, okay, well, um, you know, is that just that it's, um, it's a scientific thing where we're trying to learn things? And yes, that is the case, we were trying to learn about nuclear reactors. Brand new industry, first in the field. Um, the guys were kind of getting to terms with, with what, what was going on. Um, they put some chimney scrubbers in because, you know, if, if you're shoving air past things that are nuclear fuel you kind of want to make sure that if it's radioactive particles you filter those out before you throw it into the

environment. They didn't really want to have to do that 'cause it was expensive, and by the point that they'd thought maybe this is a good idea to put some scrubbers on there, um, they'd already started building chimneys, so they ended up with them at the top, which is why it looks weird. Um, the control rooms, very basic controls, but the whole point was that we were making nuclear material so we could blow stuff up. And at the time we're trying to get in bed with the Americans to get the nuclear program. It's postwar, um, the Americans want to keep all the nuclear secrets to themselves, they want the bomb, they want in control of it. UK is

wrangling for that, so the government puts pressure on: we need to get a bomb, we need to get this massive detonation so that we can be in league with, uh, America and share nuclear secrets. Um, to do this, realize that these cartridges and these weird shaped things here, these actually had the nuclear fuel in and these were pushed through, um, the pile. They would react together and they would generate products in it that we could then use for, uh, nuclear bombs. Great, no problems, fine. These things are fairly safe in is, we're kind of learning what's going on, um, we've had a few kind of minor incidents with, with getting the thing online, but we need to do it faster.

So what do they do? They start trimming off the fins from these things so that they can create more heat, more generation. So what happened? Well, the temperature on this pile rose, um, at one point and they kind of, they'd seen this before and they, they were starting to learn the physics behind this, um, that if you put enough nuclear product next to graphite it changes the structure of graphite, it starts to get hot, it starts to store energy inside it. Um, this basically ends up with hot zones that you can't cool easily because it's stored energy. It's like having a big battery or a capacitor that you're throwing energy into, um, and the only way

to discharge it is to get everything hot and let it all cool out naturally. So okay, they've got this thing, it's called a Wigner release, where they basically heat the whole thing up and they let it cool down again. So they did that and it didn't seem to work, and thought, that's a bit funny, okay, we'll do it again. Um, so they got the thing hotter and at this point they're thinking, this is getting quite hot, this is close to graphite melting type temperatures, better turn the, uh, the fans on. So the f-, the fans are ramped up, uh, the radiation monitors start to kick off that there's, um, particles going up the chimney. So okay, maybe we've got a burst

cartridge or something. This has happened before 'cause the cartridges get pushed through the pile and then they drop into a pit, and sometimes they don't drop into the water properly and they have to have someone push it with a stake, uh, and get into the water. You know, real safe things. Uh, it was the 50s after all. Um, so, um, they think, okay, uh, maybe this is a burst cartridge, lift up one of the lids, uh, this thing's on fire. So everyone, I would like you to repeat after me: blimey, governor, hold my cup of tea, I've got an idea. Idea, excellent. Let's turn the fans on and put them really high power to, uh,

to blow this out. Who knows what happens when you put lots of oxygen into a fire? Yes, that's right, the entire pile goes up in flames. So this spreads the fire out to the other channels. They attempt to start ejecting the cartridge using scaffolding tubes and all sorts to get things out the way and create a fire break. Um, and, and then they're kind of like, this isn't working, there's still graphite on fire and there's all sorts of nuclear fuel on fire and this is really bad. Okay, we've got some carbon dioxide that's just been delivered for the nuclear reactor that we're just about to commission next door, let's pile that in. But they couldn't

deliver it in sufficient quantities, so, um, let's pour water into it. What's water made of? Hydrogen and oxygen. When it gets hot enough it splits, you get a nice gas that explodes, and you get some nice gas that explodes, so this is a little bit risky. Um, they try this and start shoving hoses in the front of the thing to get it cooled down. Doesn't quite work. Um, they eventually think, right, what the hell do we do? Um, and one of the guys, uh, who's running the place is on top of the pile looking down into the flames, trying to look from an angle so he doesn't get completely burned away with the radiation. Um, shut the fans off, shut all

of the air off, seal the place up. So they did that, flames died out instantly, um, and they continued piling in water for the next day to try and stop the rest of it. Lessons learned: fans, fans, really guys. Um, so they really, they started to learn about, you know, what the, the effects and caused by, uh, stored energy. They start looking at, um, you know, the way that we're doing this, this isn't the, the best reactor type, let's scrap that, let's do something else. A lot of this was covered up, which is why a lot of you probably don't know about it, um, because at the time we were trying to make sure that we could get

into the nuclear programs. So what do we learn in IT from this? New processes will always put you into unknown situations quickly, and when you're in a startup, for those of you that probably work in a startup, you'll have, you have experienced this. Um, the first teams that implement a new technology are going to have to learn skills quickly. You're going to have to figure things out that you've never seen anyone else do. If you're not going to design safety features in at the beginning and consider potential outcomes, you're probably going to run into them, because Murphy's law says that anything that's going to go wrong is going to go wrong. And you need to document all of

the processes as you go, um, and, and be prepared to write off the first versions. I've been there, I've been in the startups, you know, we've learned some of the lessons, we've, uh, we fought the fires early on. Um, but once you get past your startup you start moving into an established business. So hey, this thing's kind of working, we're rolling out to, um, more things across the country. Who's heard of Three Mile Island? A couple of you, not all, many of them. Three Mile Island is, um, basically the incident that, um, brings us to The Simpsons. Um, so when, when you think of nuclear power and The Simpsons and the chaos that it is and, um, the crazy plant

that there is, that's basically based on Three Mile Island. Three Mile Island was, um, two nuclear power plants on an island 3 miles long, it's in the name, Americans. It was the most significant accident in the United States commercial nuclear industry. It happened in 1979. Um, on that crazy scale we're also at number five. So, um, Windscale was a five that had disaster beyond its surroundings because it ended up with loads of people, um, contracting cancer. Um, this was also a five out of seven. Um, the biggest thing for Three Mile Island was that it was the financial impact that actually mattered most to the company, because we had had a 4 billion asset turn into a one billion

negative liability within the space of around 2 hours. Um, it was a product of the manufacturers basically knowing information and not sharing it with the people that were running their plants, and it basically, basically stalled the nuclear program in, uh, the US through fear. So what was it like? Well, as you can see, it's not a pile like Windscale was, um, and there's a whole generation bit on it, we're going to generate some electricity. We've got our reactor building, we've got our turbine building, we've got cooling towers. You can see something that's a little bit different on this one, and this big thick line around here is something that came in on these, um, generation 2 reactors,

which is containment building. Nice big thick structure, several feet thick, reinforced concrete, um, creates an environmental shield, creates a blast shield should there be anything, keeps everything nice and condensed inside. Um, diagram on the right is the state of the nuclear core after the incident, and you can see there's a load of corium at the bottom there that basically is the melted fuel and, um, uh, some of the cladding. So what happened? So the manufacturer was already aware that there were problems with some of the valves. Um, they didn't tell anyone about this and some other plants had encountered the problems. There was a, a similar incident, um, 13 months before Three Mile Island and, um,

fortunately they were running in a low power mode on their reactor, um, and they discovered that, um, the pumps were, uh, the valves were stuck on the pumps. Um, full system checks basically weren't being done because, well, it's, it's a brand new plant, why would you want to do full checks? You know, it's, it's new, I, I'm going to check it, that's costly, that takes time. Maintenance wasn't being undertaken correctly. Um, there were, there were some examples in the presidential report of, um, uh, the stalagmites and the stalactites, um, starting to, to build up on some of the coolant pipework, and, um, that sort of thing should have been spotted straight away. Um, the operators

themselves were basically untrained. You know, some of these guys, the clever enough guys, but they'd not really had any hours on the reactors. Control room itself was really poorly designed, stuff everywhere. If you can imagine The Simpsons, um, and, and the way that Homer has his panels, it was basically the same. Everything's shouting, everything's screaming off constantly and there's buttons everywhere, there's, uh, control things, you're having to scoot from one side to the other, um, and you'd basically, you'd get fatigue. Now we can see this in, in the security industry, we can see this in, in the operations industry, um, that if we've got alerts that are coming in, if you got 50 alerts screaming at you

constantly, what happens? You start to ignore all of the alerts, you stop worrying about anything that starts screaming at you. So what happened? Okay, the primary pump to the cooling circuit fails. No problems, we got backup pumps, so automatic startup of the backup pump, no problems. The plants in the generation two are designed to be semi self-healing, so great, starts up, automatic start with a pump, boom, pump starts to run, we're getting, get water coming through the thing. But the backup pump couldn't deliver any of the water due to the fact that someone had manually turned off the valves. So the temperature rises in the reactor because it's got no inrush of water. The water that's stuck in that

loop is getting hotter and hotter with the reaction in there. Okay, no problems, second safety thing happens. The temperature's risen, the pressure's gone up because the water's getting hotter and hotter, the relief valve opens so that it doesn't get too high pressure. No problems, relief valve starts to dump out some of the pressure into the relief tank. No problems. Because that's opened, the reactor now goes, I'm in an unsafe state, I'm going to scram. Scram, for those that don't know, it is, um, safety control rod, and originally it was axe man, because it used to be, when it was early days, a guy with an axe chopping the rope, letting the boron rods drop through, kill a reactor, kill the

reaction. Um, it's now the, um, uh, automated, um, systems, uh, that basically do that for us, we don't have a guy with an axe just dropping everything in. So okay, system scrammed, reaction stopped. Indication in the control room, um, says that the valve is now closed, but it's not. The emergency core cooling system basically goes, this thing's hot, so I'm going to dump a load of water into the thing. Great, excellent, all of this is automated. If it stopped about here this would have just been a footnote in the nuclear industry, um, but they didn't. So the operators go, well, why is the ECCS, like, gone on? Um, like, the, the valve's closed, like, every

everything should be fine, I'll turn you off. So the operators turn off the control cooling system. The backup pump valve was discovered closed and so they manually opened it again for the, um, inlet pump. The water from the reactor loop, um, continues basically then to pour through the reactor and into the relief tank 'cause we've got the relief valve that's still stuck open. The reactor core basically starts to get uncovered because you're dumping all of the water out faster than you can flood stuff in. Um, at some point some genius goes, oh, you know what, that tank's getting full, we've got a gauge that says that that tank's getting full and it's starting to overflow, um, there must be a, there must

be a valve that's, um, open. So they go and they manually get down on the floor and they shut the thing. So everyone say: hey y'all, I got a great idea. Hey, idea. Hold my beer, I'm going to put the ECCS back on. Put ECCS back. Awesome. You put something cold onto something really hot, what happens? Yeah, that's right, you pour cold water onto hot metal, it's going to start to crack. So they start pouring cold water into the damn thing, it cracks, the nuclear product starts to release into the product, um, into the reactor vessel, and then hydrogen's produced inside the thing because now you're splitting water because it's getting so damn hot and you

got all sorts of different reactions going on, and then it explodes inside the thing and sets off some pressure sensors and that damages the core even more. Yeah. Lessons learned. So in all of the process there, there was a huge chunk of cleanup, there was, um, a lot of decommissioning that they had to do over the next, um, few decades. Um, there wasn't a lot of, um, outside environmental impact because most of it was contained in the radiological, um, environment, a lot of it was contained within the buildings, it was designed to do that. Um, they discovered, like, this defense in depth worked. Okay, so we had automated systems that were working, some idiot turned

things off, some idiot turned things back on again, but on the whole, if they just left it, the automated systems would have worked, the defense was working. Um, maintenance was absolutely critical to make sure that that was going to work. Sensors and indicators should indicate the state rather than what was happening: it was showing the electrical connection, could I send a current to the valve, instead of is the valve actually closed. And one of the things that they changed on, um, all of the generation 2 and then generation 3 reactors is to actually indicate where the valve is. They realized that training is massively important, and now in the nuclear industry you do, like, three weeks

on the reactor, um, normal conditions, and then one week in a simulator which looks exactly like your standard control room except everything goes wrong that week and you basically have to train on what to do. So they looked at it all, they looked at the control room, they realized that there was tags over things, you couldn't see bits and pieces, you had to go from one side to the other. They've regener-, regenerated all of the, the, um, generation 2, um, control rooms, and all of the generation 3s were very different as well. All the new generators, uh, then generating reactors basically have passive cooling so that you can not rely on this ingress of water, so you can just

literally let the thing scram and it'll cool down with convection. Gen 4s are brilliant. So what do we learn in IT? Well, sharing information around faults, um, and common failures downstream is super important. How many of us have suffered with products where something's been known to the manufacturer but they haven't told us? Huge security hole in a product, major flaw in it, data goes missing. They could have told us, we could have patched it, we could have fixed it, we could have done something, but they haven't told us. We got to make sure that we've got defense in depth, um, and this is something I try and design into any of the cloud systems that I'm working on, um,

that you are not just relying on one single thing to stop the whole process, that you've got multiple stages. Maintenance is absolutely key to ensuring safe practices. Um, if you don't maintain the thing, by entropy it's going to start to degrade over time. You're going to run out of patches, you're going to get out of your software cycles, you're going to end up with bugs creeping in the system. Automated processes can and do work. If you can automate it, automate it, get it off someone's desk, get it off someone's mind, because they're going to forget about it, they're going to miskey something. Automate the systems. Provide your teams with clear observability about what's happening. This is key for operations, for

for security personnel. You need to know what's happening on the system. You don't want to know something that's happened 5 days ago unless that's what you're searching for to, to do some root cause analysis. You need to know now, live, what's happening. So we got an established business but we go through some hard times. We get to the struggling business where we're having to run as cheap as possible with limited experts. Chernobyl. Who's heard of Chernobyl? Yes. Who lived through it? There's only a few of [Laughter] us. Chernobyl, obviously we've had recently quite a bit of interest in the, uh, sort of the HBO series and things on it, which was a quite good adaptation. Chernobyl was, um, to this day

the worst global nuclear incident, um, which happened in the, the old Soviet Union, which is, it's actually now in Ukraine. And some of you will know, um, that, um, there's, there's been renewed worry and concern around that with, uh, Russia, um, moving all of its troops through Ukraine and, um, going through all of the, um, danger zone. Um, it was ranked seven out of seven on the international nuclear event scale. This was a major incident. Um, we don't know how many people are going to die from what happened. Um, the official figures put it at something ridiculous like about 40 dead because of it. Um, the, the reality is that the lasting effects, the leukemias,

the cancers, um, all of the, um, contamination that happened to the surrounding areas, we're not going to know for generations how many people are going to be affected. And the biggest thing was that it was an avoidable accident. So Chernobyl was an RBMK-1000 reactor. This one looks a lot more complicated than the previous ones, lots and lots of pipework, lots and lots of things. This looks, um, quite big actually, um, if I'm looking on here, this reactor pile is quite big. Um, one of the things you'll notice straight away is that there's a really great floating crane above it that does all of the loading and unloading of fuel from the top, which makes it nice and

cheap to do that. Um, there isn't a huge strong structure around it, we don't have a big containment field around it. We've got an environmental cap, we've got a, a lid on the thing, so we've got an upper shield and we've kind of got some lower environmental shields few floors down with some concrete, but, um, we don't have a big structure because this, this is a massive building, so to, to create a big containment field like we had at Three Mile Island, um, that would just be extortionate, and we need these things to be cheap because with the Soviet Union, you know, we're pulling not a lot of money from people, um, to generate social

services and everything that we need, the infrastructure, um, and we, we can't really afford to, to, to have expensive reactors. Let's use the cheapest, nastiest fuel that we can get to run these things. So they designed this and it was, it was a product of evolution, um, and in general the them was sound. However, the RBMK reactors, although they were cheap to build and run, with not having a containment building, if there's any problems you're leaking it straight into the structure, and then there's not a lot to get, you know, from that point to the outside world. Um, and they'd also suffered prior incident in Leningrad with the first ever one that they built. That one went almost prompt

critical as well, and that was covered up and no one knew about it, not the scientists, not the people that were running it, no one, because at the time the Communist Party basically silenced everything. Um, they also had a problem of, of xenon poisoning. Um, and xenon is a, is a gas and it's produced on the, on the back end of the, uh, nuclear process in these things. It collects in the reactors and it, it's an inhibitor, so it, it quenches some of the, um, nuclear reactions. You expect that to happen, um, through normal operation. When it's running at sort of full power that burns off, that decays into different products. If you ever get poisoning of

the reactor you shut it down, you leave it for a few half-lives, in 2 days' time you can start the reactor again. At Chernobyl the safety practices were excessively lax, and that was down to management of the place and it was down to, um, the lack of, um, any kind of control over these things. Um, the proper test procedures were not followed for this and the operators believed that the RBMK was basically indestructible. What happened? Well, the commissioning of the fourth reactor required a safety sign-off. All reactors need a safety sign-off. Um, this was scheduled several times but they, they kept having to do things, stuff wasn't working, they couldn't pass this test. Um,

they needed to do it to make sure that it was signed off, um, get it off the desk, it'd been sitting there for about a year. Um, and they need to, to be around 700 to 1,000 megawatts with the turbines running at normal speed to run the test, to check: if the power went off, before the diesel generators kick back on, can we use the turbines to power the cooling pumps to keep everything safe? Yeah, okay, that sounds sensible, you know, we want to keep cooling going, no problems. So the day shift and the engineers, properly briefed and knew what was going to happen, they got the reactor in a good state, uh, they slowly ramped down all of the, um,

reactor to the right kind of power levels. Um, they had to disable the ECCS, uh, with authorization from the chief engineer, because otherwise that would try and do cooling and scrams and all sorts of things, we want to do a real world type environment. Okay, last minute, get a phone call from the grid: uh, I need you to stay online, there's a problem with another plant, we need more power on the grid tonight, can you ramp back up? All right, okay, no problems, ramp back up. They do a sign over to the night shift. Night shift is going to have to do this one. The ECCS is left switched off. So night shift starts and the power is

reduced to 700 megawatts. Now we've gone down in power, back up in power, we're now going back down in power, we're not burning off the xenon. We get to around about 500 megawatts with the rods, uh, having to be moved to keep the power at that, and then it shoots all the way down to 30 megawatts and basically goes into shutdown state. Um, so with the middle of the night, with the night shift, they don't really know what they're doing, never done this before, uh, not experienced on the things. Uh, the reactor should have been shut off, um, for two days basically to get this thing back into a good condition. So everyone say: da, comrade, I

have excellent plan. Comrade, I have excellent plan. Let us drink vodka and start the process. Vodka and start the process. There we go, see, audience participation works every time. So they attempt to start the test, but we're on a really low power, we don't really have control over the reactor. Um, they have to violate safety active margins to actually get this test to work, so they're turning off all of the automated systems that are going to have safety. Um, out of the 167 control rods that's supposed to be in this thing they have eight. Eight. Not 80, not 18, eight. This thing basically goes, um, to a state where it freaks out, um, so it

automatically goes into the scram mode, um, reckons, like, everything's going weird, starts throwing water through this thing. The water becomes the main neutron absorber in the reaction, um, starts creating more reactivity because of the way the reactor is built, um, and then they shut the turbines off. Coolant increases, temperature is going up, pressure is building up in this thing, feedback loop starts to build up in it. As the water heats up, creates more cavities, um, creates more reaction, everything starts to go into a really uncontrolled state. The press of the AZ-5 button, which is supposed to scram the reactor: this takes 18 seconds to scram RBMK reactors because it has to move all the control rods down the way

that they are, the split with a rod in the middle, it's displacing water, it's pushing water out of the way, it's going through, very slow process. So they start to go through the core. As we push the water out of the way, uh, the reactor power spikes because suddenly you've got these graphite rods sitting in the reactor, now you're pushing water out the way, you're creating all sorts of cavitation within it. With the rods partially inserted it goes from 200 megawatts to 53 megawatts in 5 seconds, generates a massive amount of steam, and then the power spikes to over 30,000 megawatts. With that much thermal energy, um, it blows the 1,000 ton lid off the top

of the reactor, which was the first explosion. So now you've got a reactor that's been torn to pieces. Um, the hydrogen that's then produced from all of this splitting water and all sorts then creates a further explosion and ejects 25% of the reactor everywhere, starts setting buildings on fire, uh, the reactor, um, building that's next door. 'Cause obviously Chernobyl was four reactors, there were two planned to be built, they were basically scrapped after this, um, but they kept the other ones running. They didn't tell them to scram and shut down, no no no no, put your respirators on, take your iodine tablets, keep going, guys. Um, so you got fire services turning up, the graphite fire is going, it's

chaos. Some of you have watched the program, some of you lived through it. What did they learn from the whole process? Well, there was a huge outcry across the world because everyone noticed it, 'cause the entire planet got a dose of radiation. Um, the operators learned a very sharp lesson. There were a lot of things that came of that. The operation of the RBMKs was modified, um, they increased the, um, control rods in the thing, they created brand new, um, absorbers, they started creating, uh, faster scram processes, um, and they also made sure that those precautions against people overriding, um, the security processes. What can we learn, though, as an organization with running on a budget, no

experts? Secrecy reduces and increases, uh, reduces safety and increases the likelihood of avoidable accidents. You need to train teams in these things to make sensible choices, not just to do reactive things. Cutting the corners can lead to consequences later. Bypassing automatic controls and safety systems is unwise. Cleanup is more costly than prior containment. How many people have we seen that have, have not secured their data over the last few years, and the containment of that and trying to get the, uh, the damage mitigation on the back end of it? Um, looking at you, LastPass. So last one, I know we're pushing on time, do apologize. Scenario for the enterprise: established business processes and we've got experts

in come on there we go Fukushima who remembers Fukushima see what it you don't what where where have you been sleeping for the last 12 years oh you were at school okay um so the nuclear accident Fukushima Daiichi uh followed an earthquake in a tidal wave um in Japan in 2011 um it is ranked 7 out of 7 as well on the nuclear scale for um oh holy hell um it was a one in 10,000 chance of um basically happening um it never seen a tidal wave of of that uh size before we'd never seen um earthquakes really in the last kind of 100 years of that scale before um nearly 20,000 people drowned um initially in the region and it

absolutely devastated um the um all the coastal lines and then further inland as well uh it ended up with 150,000 people displaced because of what happened to the reactors um you can see that this reactor looks a bit more kind of sci-fi it's a bit kind of yeah '50s sci-fi kind of reactor um that's because it takes quite a while for reactors to be designed um but it has much more control mechanisms it has much more um suppression systems uh safety things because it knows it's going to be run in a um uh potential earthquake zone so they they design these things in a lot uh stronger way big container building lots of concrete structure at the bottom we

do have some open pond bits that the spent fuel's put in inside the reactor but it's in inside the containment building yes we've got blast panels at the top but they're designed to blow out if there's hydrogen gas buildup so that the main reactor is safe looks good looks okay we've got all of the control systems we've got backup generators we're we're all good we're fine you know we we've been running these things it's not a problem General Electric built these you know States is providing us with uh with all the stuff great no problems excellent on the lead up wa they were told multiple times that there's the potential of flooding of the generators

because they put the generators in the basement who puts generators in the basement below the water level they ignored all of the precursor warnings um they ended up thankfully we had three reactors shut down for maintenance and we had um a magnitude 9 earthquake for about 10 minutes which is the longest one that we've had recorded uh which created a massive tsunami wave basically broke over the protective walls um the automated systems are like no problems it's an earthquake scramble reactors three that are still there shut them off no problems great we're good everything's shutting down there's still cooling water going through we're fine we lose power to the grid no problems we've got generators I'll start the

generators automatically everything's cool no problems 14 m tidal wave hits floods the facility rattles through the facility goes into the basement shorts out all the electric floods all the generators all the power goes off it's okay we got batteries so the batteries start running all of the equipment no problems we've got eight hours of battery life that that that should be fine you know we we can still see what's going on let's shut down anything we don't need to run so we can prolong the battery life and we'll phone for some new generators oh all the roads are out all of the infrastructure is totalled we we don't have power lines to the grid well we've still

got one reactor online um uh we've still got one generator online um can we jerry-rig something um so they start to lose visibility of all the systems and in the following hours three of the reactors overheat due to just the decay heat um and no water circulating some of that escapes into the building and we can all probably remember seeing on the news these things going P and then sending shock waves out over the um surrounding area um these weren't nuclear explosions these were just hydrogen explosions the buildings are designed to do this that was fine it was blowing building up it was causing chaos to the site um but it was designed to do that so that the reactor wasn't

damaged that it let the energy out um after that the emergency service managed to spray the whole now damaged infrastructure but contaminated water then leaks into all of the sea and the surrounding areas um they finally managed to jerry-rig the generators and they start stealing batteries from cars to power some of the systems so they can reduce the risk what did they learn they were given multiple opportunities with potential issues um the defense in depth mechanisms themselves worked to a large extent the things were contained the release of radiation to the environment was smallish not as bad as Chernobyl um containment was basically a problem because of some leaks and things from the earthquake um but what they realized

was that they could start to put these things in called passive autocatalytic hydrogen recombiners which is basically like a catalytic converter for the power station um in it takes hydrogen in and produces water so that you don't get these big explosions I love these big words the grp um so uh the filter containment venting can now happen on Fukushima we had to vent it to the outside world but they've now fitted uh retrofitted a lot of um things to uh depressurize the reactors that get too hot um and filter out all the radioactive content um what can we learn in it well you can't always prepare for the edge cases but you can make inroads to

them can't always um think you know this is going to work and this is going to happen all the time on these ones but we can make an inroad good maintenance is critical to the defense-in-depth processes we need to listen to our engineers if they're saying we got flood risks you got problems with this you got data I'm here you've got security rules allowing the world in you need to sort these things we need to listen to them you need to build in good margins of safety with your systems and layer the defenses learn from your incidents and iteratively improve so what can we draw from all of those kill chain defense you probably all

heard this within um security um and your communication to teams critical you've got to train your operators as well you need regular maintenance cycles you need to be doing that if you're not doing it then really guys just like I would I would urge you to push your teams to do regular maintenance consider your runtime requirements who's going to be looking after it who's going to be operating it what they're going to be seeing um make intuitive decisions based on good information backup and restore strategies are super critical we started off looking at the international nuclear event scale but we can equally transition that to an operational devastation scale with exactly the same categories just

changing it to being systems and data it's scary how we can end up with systems that go into insane territory really quickly so that was long I'm really sorry for those that thought too long didn't listen automated fail defense in depth regular maintenance containment methods for your boundaries and critical items train your staff communicate communicate communicate the worst will happen plan and prepare for it so what's your perception of insert job title they're not evil people they're just innocent men just normal men trying to do the best they can and that's all we are we're just trying to do the best job we can and we will end up with accidents we'll end up with

problems but if you can't remember the past you're condemned to repeat it bonus one before I get thrown off the stage by Sam uh the material that Homer uses on the front of the Simpsons because of its color because of the glow and the way he's handling it has to be cobalt-60 if that's cobalt-60 it takes Homer 10 minutes to get home he wouldn't even make it home at the point that he starts throwing it out the car he's irradiated his body his insides are goop he's deciding to die on the side of the road how did he do that the guy is like I don't know metab born or something but

anyway thank you very much really appreciate [Applause] bid thank you very much do we have any questions for Rick that do not involve Homer Simpson do we have any question oh just going back to the Fukushima one there um there is obviously if I think about uh security and it somebody identified the vulnerability which was the the generators are under the under the you know the water table or what have you did they just dismiss it as unlikely yes um so they did they did two things um one they actually they had a flood they had some water get into um one of the um gener generator basement Parts um and um what they did was they installed

some doors on that one um so they they did react to stuff post event on one of them um but then they ignored the rest of it that basically said we know you've had like tidal waves of this your your storm walls 10 m it's likely this is going to be bigger than that and they just kind of went nah it's not going to happen so they just kind of left it so they did in part um but it wasn't good enough so it's Japanese for do do any other questions for

Rick returning to the um Fukushima one I thought the reason it all blew up was that the fire engine they forgot to fill it up with diesel and that was what was doing the pumping and they couldn't get back to it so they ran out of diesel and then everything went to wrong and then the second thing is what's your uh view on the current um Power Station in Ukraine and how that's going to end okay so the uh the first point um around um what was causing the explosion um that that was a result of um some of the gases leaking um from the damaged uh reactor um itself and and into it and uncovering

of um some of the uh spent fuel um ponds that were inside um basically uh ending up with hydrogen inside um they did try and hook up um some of the um uh fire engines when they managed to get them through um because they were fighting effectively four reactors um at the time they had they had problems with those um and at one point they they hooked up there was an explosion that damaged all of the hookups they then had to go and get more electrical um connections refixed and they had to get the um uh the fire engines to to hook up bits and pieces again so it was a multi-stage on that in regards um Chernobyl and and kind

of the way that things are um I don't think we're in a in a bad state that there was some issues of um radiation going up because they basically drove an army through there that's going to kick up dust um you know tanks are not exactly they did the poor soldiers didn't realize where they were and were just digging trenches I'm just going to dig my own grave yay um hello leukemia um so um that you know they were they were causing all sorts of um craziness there I hope that things are going to resolve themselves um over there uh very soon uh I don't think there's any danger the the technicians over there are all fine um

they're free to move around now um they're not working under stress um situations um but it is something that is going to last for hundreds of years as a problem a round of applause for Rick [Applause]