Pages

6 February 2023

U.S. nuclear sites face hacking and espionage threats

Tim Starks

Welcome to The Cybersecurity 202! Another recommendation, for those who haven’t been tuning in: “Poker Face,” by the always-wonderful Rian Johnson.

Below: A cybersecurity firm identifies the North Korean hacking group that stole nearly 100 gigabytes of data in a months-long breach, and regulators start to probe Tuesday’s cyberattack on the financial trading group ION. First:

Hackers target U.S. nuclear facilities, the latest in a long line of nuclear-related cyberattacks

Hackers are pursuing nuclear targets, which are some of the most heavily regulated facilities in the United States. Despite those safeguards, the opportunities for espionage and much worse have made them alluring to hackers.

The latest apparent espionage threat is a Chinese spy balloon over Montana, which is the site of several nuclear missile silos, my colleagues Dan Lamothe and Alex Horton report. Military advisers have advised President Biden against shooting down the balloon. The incident was first reported by NBC News.

A Pentagon spokesman, Brig. Gen. Patrick Ryder, said that “the U.S. government acted immediately to prevent against the collection of sensitive information” once it spotted the balloon.

Ryder said that the U.S. government has observed similar activity over a period of “several years.” A U.S. intelligence official said that similar balloons have been previously detected over Hawaii and Guam, which houses U.S. military assets.

And the leaders of two House committees on Thursday asked the Energy Department to send them documents related to cyberattacks by suspected Russian hackers aimed at U.S. national nuclear laboratories.

The Russian hackers, known as Cold River, went after nuclear scientists at Brookhaven, Argonne and Lawrence Livermore laboratories last summer, James Pearson and Chris Bing reported last month for Reuters.

“Although it is unclear whether the attempted intrusions were successful, it is alarming that a hostile foreign adversary targeted government labs working on scientific research critical to the national security and competitiveness of the United States,” Reps. James Comer (R-Ky.), chair of the Oversight and Accountability panel, and Frank D. Lucas (R-Okla.), chair of the Science, Space and Technology Committee, wrote in a letter seeking communications between agencies, labs and contractors.

Hackers who got into the U.S. nuclear command and control system could, theoretically, “trigger a false alarm, making us think that Russian nuclear weapons were on their way” — giving the president mere minutes to decide whether to launch a retaliatory strike, former White House cybersecurity adviser Richard Clarke said in a video for the nonprofit Nuclear Threat Initiative last year.

Joining the list

Here’s a partial accounting of prominent nuclear-related cyber incidents in recent years:

One of the most famous computer worms is Stuxnet, a joint U.S.-Israel invention used to degrade Iranian nuclear centrifuges that was first discovered in 2010. Two years ago, Israel appeared to confirm another cyberattack on Iran’s main nuclear facility.

The Justice Department last year unsealed charges against four Russian hackers over cyberattacks, including one on a breach of business systems at the Wolf Creek Nuclear Operating Corporation in Burlington, Kan.

U.S. nuclear regulators have suffered cyberattacks. An internal investigation at the Nuclear Regulatory Commission (NRC) found the agency had been hacked three times between 2010 and 2013. The landmark SolarWinds hack led to compromised systems at the Department of Energy and its National Nuclear Security Administration (NNSA) in 2020. In 2005, hackers made off with information about 1,500 NNSA employees.

Possible North Korean hackers breached the administrative systems of the largest power plant in India, the Kudankulam Nuclear Power Plant in Tamil Nadu, in 2019.

North Korean hackers also were suspected in a 2014 hack on South Korea’s nuclear operator.
In 2016, German news outlet BR24 reported about the discovery of a computer virus at the nation’s Gundremmingen nuclear power plant.

Perhaps the most recent incident, aside from the targeting of national laboratories, came last summer when Russian hackers mounted an “unprecedented,” “major” attack on the website of Ukrainian state nuclear operator Energoatom, the company said. A top Ukrainian official had said earlier in the Russian war that its nuclear power stations were “well protected.”

State of defenses

The Biden administration has been trying to install baseline security mandates for more industries, but nuclear is a sector that is among the most regulated already, alongside defense contractors and the financial services industry. The NRC “has really strict rules,” a White House official speaking on the condition of anonymity to more candidly discuss matters told me in a recent interview.

The NRC first put cybersecurity rules in place in the early 2000s, and under existing regulations, nuclear power plant operators must submit security plans to the agency for approval. The NRC is expected to propose additional cybersecurity rules for fuel cycle facilities this summer.

The security of U.S. nuclear weapons is less a matter of regulation than how well the NNSA protects them.

Still, there are shortcomings.

The NRC needs to reorient how it conducts cybersecurity inspections at nuclear plants to focus on measuring performance, the agency’s inspector general said in a 2019 report. The report also warned that “the inspection program faces future staffing challenges because demographic and resource constraints work against optimal staffing.”

The Government Accountability Office said in a report last year that the NNSA “and its contractors have not fully implemented six foundational cybersecurity risk practices in its traditional IT environment,” such as assessing and updating organization-wide cyber risks. “NNSA also has not fully implemented these practices in its operational technology and nuclear weapons IT environments,” it wrote.

No comments:

Post a Comment