1 January 2020

***Cyber Attack on Kudankulam Nuclear Power Plant – A Wake Up Call

Maj Gen P K Mallick, VSM (Retd)

The media is agog with the report of a cyber attack in India’s largest civil nuclear facility - the Kudankulam Nuclear Power Plant (KNPP) in Tamil Nadu. Cyberspace provides a new opportunity for determined adversaries to wreak havoc at nuclear facilities possibly without ever setting foot inside the nuclear plant. If the network that runs the machines and software controlling the nuclear reactor are compromised, cyber attacks on nuclear power plants could have physical effects. This can be used to facilitate sabotage, theft of nuclear materials and sensitive information, or at its worst, a reactor meltdown. In a densely populated country like India, any radiation release from a nuclear facility would be a major disaster. Threats may be posed by nation states, terrorists, extremists, criminals including organized groups, outsiders such as suppliers or insiders acting intentionally or negligently. 

There is no such thing as a perfectly secure system. Systems are going to be breached - even one that may be disconnected from the Internet. Those looking to attack critical infrastructure can wait for years for a single mistake to be made. This is cyber warfare and vulnerabilities are going to be found. There have been over 20 known cyber incidents at nuclear facilities since 1990 all over the world which shows that the nuclear sector is not immune to cyber related threats. As the digitalization of nuclear reactor instrumentation and control systems increases, potential for malicious and accidental cyber incidents also increases. Authorities responsible for cyber security of nuclear installations have to be constantly on the vigil.The media is agog with the report of a cyber attack in India’s largest civil nuclear facility - the Kudankulam Nuclear Power Plant (KNPP) in Tamil Nadu. Cyberspace provides a new opportunity for determined adversaries to wreak havoc at nuclear facilities possibly without ever setting foot inside the nuclear plant. If the network that runs the machines and software controlling the nuclear reactor are compromised, cyber attacks on nuclear power plants could have physical effects. 

This can be used to facilitate sabotage, theft of nuclear materials and sensitive information, or at its worst, a reactor meltdown. In a densely populated country like India, any radiation release from a nuclear facility would be a major disaster. Threats may be posed by nation states, terrorists, extremists, criminals including organized groups, outsiders such as suppliers or insiders acting intentionally or negligently. There is no such thing as a perfectly secure system. Systems are going to be breached - even one that may be disconnected from the Internet. Those looking to attack critical infrastructure can wait for years for a single mistake to be made. This is cyber warfare and vulnerabilities are going to be found. There have been over 20 known cyber incidents at nuclear facilities since 1990 all over the world which shows that the nuclear sector is not immune to cyber related threats. As the digitalization of nuclear reactor instrumentation and control systems increases, potential for malicious and accidental cyber incidents also increases. Authorities responsible for cyber security of nuclear installations have to be constantly on the vigil.

No comments: