Cyber intrusion at USA multiple nuclear power generation sites this year

Nuclear breach opens new chapter in cyber struggle, Blake Sobczak and Peter Behr, E&E News reporters Energywire: Tuesday, June 27, 2017 U.S. authorities are investigating a cyber intrusion affecting multiple nuclear power generation sites this year, E&E News has learned.

There is no evidence that the nuclear energy industry’s highly regulated safety systems were compromised. But any cybersecurity breach — targeted or not — at closely guarded U.S. nuclear reactors marks an escalation of hackers’ probes into U.S. critical infrastructure.

Electricity-sector officials confirmed yesterday that they are working to unpack the significance of the secretive cyber event, code named “Nuclear 17.”

Asked about the case, a representative from the North American Electric Reliability Corp. (NERC) said the nonprofit grid overseer “is aware of an incident” and has shared information with its members through a secure portal.

U.S. energy utilities pass around information on the latest hacking threats and vulnerabilities through NERC’s Electricity Information Sharing and Analysis Center. That organization “is working closely with the government to better understand any implications this incident might have for the electricity industry,” NERC spokeswoman Kimberly Mielcarek said in an emailed statement.

E&E News has reached out to nearly two dozen owners and operators of nuclear power plants for comment. None of the companies that replied by last night shared additional information on the incident, the details of which may be classified…….

Nuclear 17 and recent threats

An incident of this kind would almost certainly attract the attention of the Department of Homeland Security and the broader intelligence community, though a DHS spokesman did not confirm whether the agency was involved yesterday. If the threat rises to a certain level, members of Congress with intelligence oversight would also be looped in. Senate staff members would not confirm if they’re looking into the nuclear breach when asked for comment yesterday afternoon.

Even relatively routine cyber intrusions at sensitive facilities can trigger a high-level response from government and industry, given the potential stakes involved. In another recent nuclear breach, a South Korean state-owned utility reported losing potentially sensitive data to hackers in 2014 and 2015, though the attackers didn’t get into operational systems (Energywire, July 14, 2015).

Earlier this month, however, back-to-back cybersecurity warnings from U.S. officials put grid operators on high alert.

The twin threats came from Hidden Cobra, the U.S. government’s nickname for North Korean government-sponsored hackers, and Electrum, a separate group that cybersecurity firm Dragos Inc. has linked to a first-of-its-kind hacking tool designed to disrupt power grids.

NERC posted its first public alert of the year this month about that grid-focused malware, which Dragos calls “CrashOverride.” Experts claim it was used last December to briefly knock out power to part of Ukraine in an attack tentatively linked to Russia-based hackers. DHS issued its own alert about CrashOverride, then followed up with a separate report on a far-reaching campaign of North Korean cyber activity hitting “critical infrastructure sectors” in the United States and globally.

It’s not clear where Nuclear 17 fits into that timeline of recent cyber events. But even if it never jeopardized nuclear processes or grid reliability, a successful breach of non-safety systems at a nuclear power plant is troubling, said David Lochbaum, director of the Nuclear Safety Project for the Union of Concerned Scientists.

“If they are able to introduce mayhem there, what else could they do?” he said.

Nuclear plants had an extra margin of safety in their legacy controls that were “old tech” and thus harder for outsiders to penetrate. “As more and more systems are converted to digital controls, there could be more and more opportunities for problems to crop up, deliberate or inadvertent,” Lochbaum said.

“The Nuclear Regulatory Commission and the industry are not unaware of that threat,” he added. Even if safety systems were not apparently affected as part of Nuclear 17, malicious actions directed against comparatively less critical equipment could still have knock-on effects if hackers managed to unexpectedly disconnect a nuclear plant from the grid, experts say.

Such a sudden disruption would send a pressure “pulse” back to the reactor and turbine, which would still be generating electricity with no place to send it. The reactor would immediately “trip,” setting in motion a series of planned actions designed to bring the reactor to a safe shutdown condition…… https://www.eenews.net/stories/1060056628