nuclear-news

 “………The stakes are high for this multibillion-dollar sector: a cyberattack combined with a physical one could, in theory, lead to the release of radiation or the theft of fissile material. However remote the possibility, the nuclear industry doesn’t have the luxury of banking on probabilities. And even a minor attack on a plant’s IT systems could further erode public confidence in nuclear power. It is this cruelly small room for error that motivates some in the industry to imagine what, until fairly recently, was unimaginable.

he Nuclear Threat Initiative, a Washington-based nonprofit co-founded by Ted Turner, has tallied about two-dozen cyber incidents since 1990, at least 11 of which were malicious. Those include a December 2014 attack in which suspected North Korean hackers stole blueprints for South Korean nuclear reactors and estimates of radiation exposure to local residents. The affected power company, which provides 30 percent of the country’s electricity, responded by carrying out cyber drills at plants around the country.

In another attack, hackers posing as a Japanese university student sent malicious emails to researchers at the University of Toyama Hydrogen Isotope Research Center, one of the world’s top research sites on the radioactive isotope that makes a hydrogen bomb. From November 2015 to June 2016, the hackers stole over 59,000 files, according to media reports, including research on the ill-fated Fukushima nuclear plant.

Any list of cyber incidents in the nuclear sector, however, is very likely incomplete. The US Nuclear Regulatory Commission, for example, only requires operators to report to the commission cyber incidents that affect the safety, security functions, or emergency preparedness of the plant, excluding potentially significant attacks on IT systems. It is, in general, extremely difficult for a hacker to breach a plant’s inner control systems implicated in the former category, but not nearly as challenging to penetrate the non-critical IT networks included in the latter……..

One of the first known cyber incidents at a nuclear plant took place in 1992 when rogue programmer Oleg Savchuk deliberately infected the computer system of a plant in Lithuania with a virus. Savchuk was arrested and became a precautionary footnote in the history of nuclear security. It would take a set of much more seismic events to illuminate the danger of cyber threats to nuclear operators.

In March 2007, with US energy regulators looking on, engineers at the Idaho National Lab showed how 21 lines of computer code could cripple a huge generator, as journalist Kim Zetter writes in her book. It was only through this jaw-dropping experiment, known as Aurora, that some energy industry officials came to accept that digital tools are capable of physical destruction………

While safety and security are paramount at nuclear plants, business considerations also come into play as many plants, including the vast majority of the 61 in the US, are privately owned. The financial and reputational damage that a successful cyberattack could wreak has led some executives to walk through them in advance…….. https://www.theverge.com/2018/1/23/16920062/hacking-nuclear-systems-cyberattack