I'm worried. I've been following the Maersk outage. The world's biggest shipping line still hasn't fully recovered. Their less automated ports were down for several days. LA and NJ finally came back up about two days ago, but operations are still partially manual and they're running longer hours trying to cope.
Their most automated port, Maasvlakte II in Rotterdam, is still processing imports only; no exports. Some containers there are stuck in the stacks; they have a list of which containers can be reached. They're requiring paper customs forms and a paper commercial release, instead of their usual paperless system. Earlier, they were so down that the automated cranes could not unload ships. This is what Maasvlakte II looks like in normal operation. There are no people on the quay at all. All those cranes and AGVs are automated.[1]
Maersk's financial side is still down. They're not sending out invoices, which means zero revenue. They just announced a price cut, to keep shippers. Some of their phone and email systems are still down. The booking side is now up, so they can take new shipping orders.
This is the first time we've seen real-world outages of this magnitude. It may not be the last.
(Where's the Flexport guy who posts on here? He has to deal with all these problems. Flexport is a freight forwarder, which means that when something goes wrong with freight they are forwarding, it's their problem to fix it.)
Maersk has been emphasizing that they're back up at most of their ports, but not emphasizing that the really big automated ones, Elizabeth NJ, LA, and Rotterdam were hit hard. The mainstream press gets their info from press releases. Most of the press coverage reads "Maersk says". I have yet to see an article where someone went down at the docks to find out what's going on, or called a union rep, or talked to truckers.
There's coverage on gcaptain.[1] Mentions on Reuters.[2] There's lots of coverage on the sites that cover container shipping. Most of the people in that business are probably working overtime right now. With Maersk down, cargo all over the world had to be re-routed.
All the status info is on line, but not in a journalist-friendly form. Maersk has a temporary "Operational Update" page.[3] You have to read through a lot of material to see what's up and what's down. As of late today, almost everything is at least limping along except at Maasvlakte II in Rotterdam. Their web site for booking and tracking has a banner which says "Submit Shipping Instructions and Booking are available but without email confirmation. Tracking, Online Quote and Binder are unavailable. Schedules last updated 27th Jun so may be inconsistent." This is not "back to normal".
Here is the Port Authority of New York and New Jersey's latest alert page for truckers: [4] That's a good read, because it's a no-bullshit source of info. Somewhere at the Port Authority, there's someone with a clue who gathers that info and gets it out. Staying open late and operating Saturday is not normal. Maersk APM's status page for LA is totally bogus; it hasn't changed in the last week.[5] The online gate webcams at Maersk's port in LA are still down.
(I've followed this subject because I'm interested in mobile robots which do something useful. Maersk's Maasvlakte II terminal is one of the largest mobile robot operations in the world. Probably the biggest by tonnage. Downtime on this scale is a major event in robot history.)
You're right. A big thing in the news around here lately has been one punch kills. I have no idea is it was always a thing and not reported as such or if we've somehow become softer.
Smaller than global shipping, but I purchase pet food for veterinary clinics and Royal Canin (subsidiary of Mars) is still not at 100%. Their order fulfillment and accounting were hit.
I suspect this hit many B2B companies that we're not hearing about because they're small and we aren't customers.
to be honest, I'm following them in the hopes that they crash and burn and that this makes everyone else pay due attention to security.
but I also can't quit the paranoid thought that this would be the perfect cover to conduct a secret operation requiring tons of material delivered all over the world. it's much easier to abuse/manipulate/bribe when everyone users paper records.
Unbelievable! This kind of victim-blaming has to stop. Maersk were infected because they downloaded software updates! Their software provider got pwned and malware was delivered past their firewall. How is it their fault? How do they deserve to burn? I suppose it would be the plant's fault if some stuxnet variant were to irradiate the eastern seaboard? You seem to have conveniently forgotten that it was the US government who created the means here. And what is Maersk's Total Cost Of Ownership(TM) looking like now? Perhaps the best strategy for them and all companies now is to trust only themselves and to only consider non-proprietary software in future. The idea that some aircraft carriers are running Microsoft is chilling enough. None of the SCADA for nuclear power plants will be on Windows thankfully.
My impression from OP wasn't victim blaming, but more of a ruthless "break a few eggs" in order to have enough of an impact for other critical businesses to take security more seriously.
I disagree. If best practices had been followed, the damage would have been minimal.
Even if the initial infection was caused by an infected software update, its spreading mechanism relies on misconfiguration or unpatched software.
> only consider non-proprietary software in future
I'm a big proponent of open source software, but how is this relevant here? Microsoft handled the initial disclosure perfectly and provided patches before the vulnerability was publicly disclosed. By the time this attack happened, the patches had been out for a few months.
I certainly hope that they recover from this, but it's not like that kind of attack is hard to prevent.
> Unbelievable! This kind of victim-blaming has to stop.
Victim blaming is bad at the outset of a problem. It's certainly bad in its usual context of sexual assault of the "ideal victim" by the "ideal perpetrator" [1]. But this isn't a case of an ideal victim. It's more like going on a safari in the Darfur region of Sudan. Have you not read the news at all?
"Hack me once, shame on you - hack me twice, shame on me". When shipping conglomerates, energy facilities, and manufacturing plants across the globe continue to be victims of hacks, and continue to devote little effort or funds to security, it's no longer the fault of the hackers.
> None of the SCADA for nuclear power plants will be on Windows thankfully.
I think the problem that is that the SCADA for nuclear power plants probably doesn't have the security you think it should. Download some Rockwell software, hook up to the Ethernet or set up a VPN on one of the office PCs, and enter "admin" and "password" and you'll probably be in at a lot of places. Perhaps, we can hope, not at a nuclear plant - but definitely for, say, an old coal plant, local government's municipal water, sewer, or traffic control, low-margin industrial manufacturing...the list goes on. The whole economy is cobbled together by networks that the engineers were pleased to just get to work in the few hours that their quote allocated for that task.
When the project is behind schedule and over budget, all that management cares about is the black-and-white, yes-or-no answer to the question "does it work?" There is no time or money for security. And when you take those shortcuts, you'll have no one to blame but yourself when you get hacked eventually.
Although curiously the most tightly constrained place I've worked was a swiss bank (horrendous) even more than a UK government agency, my personal experience of working in such a plant is that there is a lot more diligence than your usual business workplace and that the office is very much separate from the station. You never need (and need is key) to copy files from without for instance, (no Windows behind the curtain). The budgets are much bigger and due to being very process heavy, deadlines are theoretical minima only, certainly management are not as you describe. Generally staff were very highly educated, very security conscious and in absolutely no hurry.
I felt the comment was blaming in that they would serve as an example and that that would be okay as they were at fault somehow. We do not know the infrastructural constraints in terms of legacy software with regard to whether they can safely take patches and it is unrealistic to expect large organisations such as Maersk to be able to do so automatically in my view. Having some small inkling into the matter, I feel that people must be arguing from a point of ignorance to suggest otherwise. I have even seen these script kiddie fans cry 'patch your shit' as if it is okay to release malware to global scale companies and they are somehow absolved from blame. It certainly is not.
>"This is what Maasvlakte II looks like in normal operation. There are no people on the quay at all. All those cranes and AGVs are automated.[1] ... [1] https://www.youtube.com/watch?v=zm_rlLyelQo"
This looks like scale models to me. Check eg 32 seconds in.
It's called tilt-shift effect, it's usually simulated by adding two blur bands on the top and bottom of the image. It can be done with a special kind of camera lens, but it's not usually done that way because of their price.
>"For video sequences, a way of strengthening the miniature impression is to run the video at higher speed than it was recorded. This appears to reduce the inertia which would normally limit the motion of large objects."
https://en.wikipedia.org/wiki/Miniature_faking
So why are the film makers using multiple techniques that make this video look "fake"? I'd think they would want it to look real.
Because first you may think it might be fake due to video effects and not seeing any people. Then you realize it's actually real and end up even more impressed with Dutch innovation!
Since May, hackers have been penetrating the computer networks of companies that operate nuclear power stations and other energy facilities, as well as manufacturing plants in the United States and other countries.
Wolf Creek officials said that while they could not comment on cyberattacks or security issues, no “operations systems” had been affected and that their corporate network and the internet were separate from the network that runs the plant.
Good, I'm glad they are not insane, but I also hope they have pretty stringent rules to keep personnel from plugging in unverified devices. Stuxnet should be a lesson to all.
They're not insane; they're just lying. 15 years ago it was believable that control networks were airgapped from the Internet. But today, the likelihood that some low-level tech has plugged a wifi router into the control network for his own convenience approaches 100%.
This seems unlikely, based on a past experience writing software for a nuclear facility.
While nothing is unassailable, everything I experienced made me feel generally better about the approach these people took to safety. They wouldn't allow people to use spreadsheets to make decisions... literally this was not allowed, you had to have an app with testing and verification systems. Also, they pointed large automatic weapons at me while searching every crevice of my car, using long sticks with mirrors and various other instruments. It was a relief to see that they take security and reliability more seriously than any other kind of outfit I've worked for, ever. The monitoring had monitoring.
If you did that in my previous company, you would get a visit from IT and a good tongue-lashing from your manager within 15 minutes of doing that. As a 20-something, it seemed like an overreaction. As a 30-something, it seems perfectly reasonable.
Yeah no. Execute the managers - that'll fix it! Except its been tried (in history - feudal system etc). It results in management being entirely replaced by risk-taking con men, the only one who'll take the job.
You would think by now the US would have dumped some millions into developing some proprietary network protocols for the "kill the earth" button they've developed?
Is it so naive to imagine there are tech firms who could/would lobby for a no bid contract to do it?
I'm not an expert but I think there are some interests aligned there. If Trump has enough political capital to push plans forward to overhaul everything, this doesn't seem that far fetched.
15 years ago the world was still coming to grips with cyber security, in the desktop realm it was a race to install and patch windows xp before it became infected with malware.
Today if infrastructure is not 100% airgapped (and even that isn't necessarily enough) then it should be considered criminal negligence.
Note that just penetrating the office/business network is highly valuable, because there's probably technical information on there like training materials, blueprints, operations guides, procedures, etc. This can help the attackers immensely to get past the airgap and once they get past the airgap.
I've sure seen a lot of PR statements regarding cyber security that read: "We can't comment on X. That being said, here's a vauge comment on X that sounds reassuring and highlights our competency!"
Wasn't wolf creek one of the addresses from that link a year or so back with insecure VNC installs open to the internet? There was quite a bit of critical infrastructure on there, wide open, iirc.
This might be the most top-heavy title I've ever read, given the economy of words. "Hackers Are Targeting Nuclear Facilities, Say Homeland Security Dept. and F.B.I." would be much more balanced - or am I just off my rocker?
Indubitably any facility of sufficient complexity or strategic value will draw more or less continuous unwanted attention from foreign state actors. 'Targeted by hackers' could include port scans and phishing attempts. What with the recent, perhaps only perceived, upsurge in activity it is hard to know whether this is complete bunk, nsa-script-kiddie open season or something even more sinister. It is sad that the agencies in question no longer enjoy the level of trust by the public they once had.
Whenever I see (nytimes.com) after a URL I know that there's some big long bill that's been sitting in a drawer somewhere that's going to suddenly get pulled out of that drawer and will be voted on next week and this is just setting the stage for it.
You're implying that most articles on nytimes are written to preemtively lay support for future bills? That seems like a pretty strong statement that'd need at list a hint of evidence with it.
Has this been a pattern? Do you have examples? Are there stories that the nytimes covers that other papers don't cover that suddenly become bills? What inspired this?
Your post comes across as a lot of innuendo without providing any support... at all.
Trying to look around, it's actually pretty difficult to support or disprove this retroactively. For one, NYT's archive is kind of behind a paywall. My searches only net me some NYT blog entries usually not related to anything of relevance.
Secondly, even if I were to find an article that is related to some piece of legislation, it would only be speculative and wouldn't prove that it is a "hit piece" in support for or against it.
Thirdly, off the top of my head, I can only think of a few things: SOPA from January 2012, Patriot Act (as mentioned earlier), the iPhone/FBI encryption fiasco (which did not result in any legislation yet, afaik), Net Neutrality, and Snowden/Wikileaks stuff (again, did not result in legislation afaik).
More examples are always welcome, but as I said, it is really tricky to speculate on the existence of a conspiracy based on a few articles and some hindsight - you really open yourself to confirmation bias, subconsciously. And for the record, I'd love to prove this is true.
You're missing the obvious point, which is that anything to do with federal legislation is likely already a newsworthy topic, moreso because of pending legislation to address it. Finding NYT stories preceding legislation passing is almost a perfect example of correlation not equalling causation. Even a consistent pattern of (NYT story, legislation passes) demonstrates nothing about whether the NYT story is a planted bit of propaganda to ease passage of the bill.
I believe the original assertion is that there is a non-obvious connection between a newsworthy article and a piece of legislation, and that the article is planted to sway public/congress opinion a certain way.
As I said, this kind of thing is extremely difficult to prove without a smoking gun (e.g. an email from the head of state to the head of NYT instructing them what to publish, when or why). And, as both you and I agree, it is impossible to prove without equating correlation/causation or having confirmation bias in retrospect.
You dont really believe major news outlets are impartial and only report the truth, right? Although most of the time its what is NOT reported on that is the biggest threat.
and i dont need any examples to prove my point other then, read some history and get educated.
Not the OP here, but I'd like to point out the obvious:
1. No news outlet is impartial, neither major nor fringe outlets. (Most fringe outlets are more partial, though.)
2. Major news outlets mostly report the truth and correct errors when they are discovered.
> read some history and get educated
I always ask critiques of major news outlets to suggest alternative news sources and they either come up with nothing or evidently ridiculous suggestions such as blogs, conspiracy sites, and fringe right-wing or left-wing news aggregators that barely employ journalists, let alone a network of correspondents.
The best way to keep yourself informed is to compare different major news outlets, and if they agree on a story, then it's most likely true, because there is only one reality. It's really as simple as that.
Speaking of news oulets. John Oliver had a rather eye opening piece about local news oulets in USA and centralized ownership. (Not that USA is unique in this aspect, but interesting non the less)
Rubén Santamarta is going to talk about vulnerabilities that affect widely deployed radiation monitoring devices in nuclear facilities.
"The purpose of this talk is to provide a comprehensive description of the technical details and approach used to discover multiple vulnerabilities that affect widely deployed radiation monitoring devices, involving software and firmware reverse engineering, RF analysis, and hardware hacking."
If this was the 50s or 60s the government would never allow a talk like this to happen. Anything to do with nuclear was kept as a black art. Fortunately that paranoia has lifted so we can have safer systems.
I'm skeptical that there's a real threat to nuclear facilities. I've visited reactors before and seen first hand that the control rooms are all still based on analog components. The reason for the analog components is precisely because they are reliable and unhackable. When it comes to physical security, I can't think of a harder place to break into than a nuclear power station. You're not going to sneak in that's for sure. This reeks of manufactured consent. Are you afraid of hackers yet?
I literally do not know anything about this. Didn't even know Belgium had a nuclear power plant. Source please?
I can't speak for Europe, but I know in America even if you worked at the place you're not pulling off an attack. You're not going to sneak a gun past the check point. If you do somehow sneak in a gun or a knife, you're not going to live very long before the guards kill you. You're not going to get into someplace where your keycard/job status doesn't let you. Overall the most likely outcome is you trigger an unscheduled reactor shutdown and throw your life away. I can't imagine anyone making a 6 figure reactor job salary throwing their life away. Money > religion.
I don't know the specifics of this particular plant's security procedures, but it's unlikely he was in a position to do any significant damage to the plant, and his clearance process was likely much less involved than would be for someone who is in a position to do real damage.
I'm genuinely surprised. Too bad we can't interview him. He certainly doesn't fit the profile of the typical jihadist.
Still I stand by my point. Attacking a nuclear power-plant as an inside job is virtually impossible. There's enough physical security and mechanical fail-safes that nothing bad would happen.
Edit: also what the other guy said. He was a weld inspector. Nevermind, everything makes sense now. Sensational scare article is sensational.
Government warfare is really the worst thing that has ever happened to the internet. I wish they would leave this old-fashioned territorial thinking to rot in the material world.
I hate to be that guy, but you know that the internet as we know and love it today started out as ARPAnet, right? The internet was domesticated, not weaponized.
As long as the systems controlling infrastructure (of any kind) are network accessible, they are internet accessible. Hence, they will be attacked.
Convenience always works to the attackers gain, and convenience is the name of the game for engineers and managers and support staff. Unless the system is physically isolated and protected and there is no kind of networking available, it is effectively crackable. Even if physically isolated, staff can still be bought.
It's unlikely that hackers could manage even a Chernobyl-scale problem on a modern nuclear plant. Chernobyl had several horrendous flaws. For one, it had a positive feedback: as the fuel got hotter, the reaction sped up. With modern plants the opposite occurs.
Also Chernobyl had no containment dome.
Even the old GenII designs in the U.S. have much better inherent safety than Chernobyl had. There's no way to hack away physical barriers. Even TMI, our worst accident ever with a full meltdown, did not breach the containment barriers.
And of course with any commercial plant, there's absolutely zero chance of an actual nuclear detonation, much less a thermonuclear one as mentioned in the comment above. The fuel just isn't enriched enough to work as a bomb.
Because the US has clearly stated it wants Assad out of Syria, and Russia has clearly stated it wants Assad to remain. And nobody gets away with telling the US how it's going to be when it comes to oil supply.
Is the implication that oil supply has much to do with Syria? I understand Russian natgas companies have some pipelines that traverse the country into Turkey and their eventual customers and Europe, but I'm failing to see what that has to do with oil and the US. The US gets most of its oil from Canada.
Yes, it would be more apt to just admit the feds consider that their playground and don't want someone else playing there. (probably the US fed people doing it want 'democracy' and the Russia people doing it want 'stability' but the exact ideology is unimportant since neither is really acting in accordance with that ideology so much as just stirring the pot)
Yep, could be a great opportunity to study the attackers by fronting each plant with a honeypot whilst making sure the real systems are air-gapped and require a two people with physical keys to insert a USB stick into the one system that has them.
The US administration is under the impression that they can wage a conventional war against an adversary like North Korea, yet this is the same nation-state actor that is claimed to have hacked into Sony.
If North Korea is attacked militarily expect hell to be unleashed online. What we've seen is just experiments, not actual attacks. A full-out war could be vastly more damaging.
Please. "Hell online" is going to be trivial compared to the thousands who will die in the first hours of the conventional artillery shelling of Seoul. Let's not pretend that some leaked emails are in any way going to be as bad as that.
And frankly, hacking into Sony is not that hard to do.
I honestly don't know what's worse. Shelling Seoul, which will be bad don't get me wrong, or killing the power grid and water systems of entire countries. The latter could utterly cripple logistical systems and lead to a total melt-down of society if there was enough panic brewing. If there's shelling you can evacuate the city, you can head out of range of the guns. There's nowhere to hide from electronic warfare if your entire society depends on power, fuel and computers.
This isn't about leaked emails or advance copies of movies, it's about attacking and permanently damaging large portions of infrastructure. If you can fiddle with a power plant you can destroy generators, transformers, and other extremely expensive equipment that could months to source, fabricate, transport and replace under ideal conditions. They don't have a warehouse full of spare turbines just sitting around.
Stuxnet showed what can happen if you pin-point target a particular system. If you broaden the scope of your targets, if you don't care about collateral damage, the stakes are very, very high.
Hacking into Sony wasn't hard and I have a sneaking suspicion that most infrastructure control systems are as bad or worse.
The black-out in eastern North America in 2003 shows how suddenly things can change if the grid goes down. That only lasted a day and yet the economic destruction was significant. Imagine if not only were the power plants offline, but they were crippled in such a way they couldn't come back without serious repairs. That is a possibility here. Months without power, without water.
Just ask yourself which would be worse for you, say, a week or even a month without power or a rain of explosives randomly demolishing buildings in your city.
We can get stuff working one way or the other without networked computers but there is no reasoning with shells.
There's been a lot of civilian casualties in Syria where large cities like Aleppo have been bombed to hell and back, but millions of people made it out of there alive.
It's not a great situation to be in, but many were able to flee to better places. If the entire grid is down there are no better places.
Shelling a major metropolitan area will kill thousands of people within hours. The power grid going down doesn't typically kill very many people unless it is down for a long time.
It won't be MY city they are shelling, they cannot reach my city with their guns. Even if they could we are low down on the list of targets. However they can reach my city in a broad bring down all water systems attack. I suspect there are only a couple vendors of water control systems so if there is a hold in one vendor's water control system they will attack everyone at once. Tiny towns with < 500 people will be hit, and I don't know if my town is one or not. (actually tiny towns are probably easier to target, large cities probably have a mix of systems so they are more likely to get by with a general everyone conserve water message, whiel the small towns are down completely.
Many municipalities have sold off large chunks of their infrastructure to private companies that are always more concermed with profit than expenses like "security".
It stands to reason that the smaller towns will be hit the hardest since they're the least prepared for electronic warfare. Their IT department is going to be the same guy that tests the water and removes dead animals from the reservoir.
Hospital generators will run dry within days, and then you'll be losing thousands of people who are dependent on life-support equipment, medication that needs refrigeration, or those that are in urgent need of surgery.
You have about 48 hours until things start to get really ugly. See also: Hurricane Katrina. They were able to minimize casualties by moving people to other hospitals that had power. Imagine if there weren't any.
Ok. When someone actually has some concrete information that would indicate North Korea has the capability to "attack and permanently damage large portions of infrastructure", anything equivalent to Stuxnet, or an intelligence service capable of delivering such threats to critical infrastructure, I'll worry about that then.
I just think their conventional military, their continually improving nuclear program, and their ballistic missile technology are a lot more real and a lot more dangerous than the cyber-pocaylpse people have been trying to scare everyone with since the nineties.
Didn't that single event have far reaching effects on American and worldwide culture? In this case it ended up being positive in my opinion(helping develop hip hop and rap through stolen DJ equipment[1]), but there's no guarantee that a similar event would also be positive. That is especially the case if an actor is trying to cause as many problems as possible.
It wasn't a malicious event, nor was the 2003 sequel. They were able to get the grid back online bit by bit by coordinating between power generation companies using other infrastructure.
Imagine if not only is the grid down, but the phones are down, the water's down, and air travel is grounded because the control towers operators have been shut out of their systems.
Plus, as you're trying to restore the systems with what limited communications you have someone is actively trying to prevent you from doing your job, or there's enough booby-traps in the system that you basically need to re-install everything from scratch and reconfigure everything.
This also presumes no critical equipment was damaged in the attacks, which it probably will be. North Korea would want to wreck as much of everything as they possibly can if they're fearing a regime-ending invasion.
Last week Maersk was shutdown worldwide for 24 hours, how long do you think major cities can keep going without that cargo coming in? How long can the keep going if the water or electricity supply was compromised?
As terrible as a shooting war in Korea would be, it's still a lot better than a potential full scale cyber war.
People worked their asses off to avoid Y2K, everything needed to be tested, patched, and tested again.
Unfortunately we have not been as vigilant about security. We're barely able to handle script kiddies armed with a bot army of webcams. We're completely unprepared for when a nation-state actor declares electronic war.
You're right that as we get more and more automation going on our exposure surface grows dramatically.
The casualties will, and should, stun people. The Korean War, 1950-1953, total civilians killed/wounded: 2.5 million (wikipedia), and cost $341 billion in 2011 dollars (Congressional Research Service).
And then there will be a massive refugee problem on both sides.
So long as the planet of the population keeps going up and the population density of cities increases the chance of multiple millions of people being killed in a single military exchange keeps escalating.
I'd like to think we can keep a lid on things and work it out in a more civil manner, economically it makes more sense, but you know, dictators don't really care about economics as much as they do ego.
Maybe I won't have to wait for sea level rise to wipe my hometown off the face of the earth, some jerk in Russia will pop the nuclear plant that's up-wind and it'll be uninhabitable.
The NYT was one of the chief cheerleaders for the Iraq War, both through Judith Miller being an outright mouthpiece for Bush administration propaganda, and more generally through being a friendly media outlet of "balanced" thinkpieces that set the stage for popular support for a non-declaration-of-war (the AUMF) that allowed Bush to invade Iraq based on some nebulous threat of a WMD attack in the U.S. that was never real.
Every nuclear power plant in the US has an NRC mandated Safety Parameter Display System. These were retrofitted after the TMI-2 meltdown. The SPDS is supposed to provide a concise view of critical parameters to avoid the sort of confusion that led to the TMI-2 incident.
In 2003 Davis-Besse had its SPDS disabled by SQL Slammer, a worm that congested the network on the site. So in answer to your question, yes these 1970s plants do indeed have devices interconnected in the contemporary manner, and compromises of these networks have already produced reportable events.
The core components of our power reactors are not at the mercy of software; operators have authority over reactor protection systems that are deliberately independent of complex digital controls. Nevertheless, a clever attacker could probably engineer enough confusion or interfere with ancillary systems badly enough to produce a notable incident such as a SCRAM. That would certainly make headlines and lead to a prolonged investigation.
Is it possible that greater damage could be done? Anything is possible. If so I'd imagine it might involve cooling pools, their circulation and alarms... who knows. Given enough time, knowledge and planning it might be possible to cause a serious problem.
It depends. Fission is complex. Factors include reactor design, fuel age, xenon accumulation, which parts of the RPS tripped, whatever axles the resident NRC inspector(s) wrap themselves around... those are few I can think of as a layman.
"Do they have any sort of fast recovery procedure?"
While operators do strive to minimize outage there is no general "fast recovery" procedure. There is a startup procedure and that's what you follow. If everything is optimal then 12-ish hours to begin the restart, several hours thereafter to become critical, then a relatively slow process of pulling rods until full power is achieved. "Hot xenon" startups are something you study and practice in a simulator.
The military has other prerogatives and naval reactors see rapid and frequent transients. Naval reactors are built (at great expense) to do this. They're also smaller than civilian power reactors; a 165 MWe naval reactor being thought "large" whereas a 600 MWe civilian power reactor is on the small side.
Non-safety-critical components in the steam plant are likely to have networked PLC control. While nuclear probabilistic safety assessments support that licensed reactors can safely endure casualties involving such components, the safety system is subject to failures and crippling the plant and causing a reactor transient is likely a good enough result.
Their most automated port, Maasvlakte II in Rotterdam, is still processing imports only; no exports. Some containers there are stuck in the stacks; they have a list of which containers can be reached. They're requiring paper customs forms and a paper commercial release, instead of their usual paperless system. Earlier, they were so down that the automated cranes could not unload ships. This is what Maasvlakte II looks like in normal operation. There are no people on the quay at all. All those cranes and AGVs are automated.[1]
Maersk's financial side is still down. They're not sending out invoices, which means zero revenue. They just announced a price cut, to keep shippers. Some of their phone and email systems are still down. The booking side is now up, so they can take new shipping orders.
This is the first time we've seen real-world outages of this magnitude. It may not be the last.
(Where's the Flexport guy who posts on here? He has to deal with all these problems. Flexport is a freight forwarder, which means that when something goes wrong with freight they are forwarding, it's their problem to fix it.)
[1] https://www.youtube.com/watch?v=zm_rlLyelQo