The New York Times reported last week on a U.S. government report accusing Russia of conducting a series of cyberattacks aimed at U.S. and European nuclear power plants and water and electric systems from 2015 through 2017. In addition to attacks on water and electric plants, publicly available evidence suggests that Russia infiltrated the business systems of the Burlington, Kan., Wolf Creek nuclear plant but not the plant’s control systems. It was not clear whether the goal of the attack was to conduct reconnaissance or, more seriously, some type of sabotage.
Needless to say, any type of attack on a nuclear plant is very concerning. An attack that allows hackers to manipulate the systems that control a nuclear reactor, while very difficult, could have very serious consequences, including potentially nuclear reactor core damage and off-site release of radiation.
This is not the first time that nuclear facilities have been attacked. The most well-known example is the Stuxnet attack on Iran’s uranium enrichment facility, generally attributed to the U.S. and Israel (for a summary of attacks on nuclear facilities, click here. Very recently, a new piece of dangerous malware, TRISIS, which specifically targets the industrial controllers used for safety critical applications, including in nuclear plants, has been found in the Middle East.
So how worried should we be?
The good news is that the safety and security of nuclear facilities is taken very seriously. In the United States, cyber security at nuclear facilities is receiving increased attention from regulators, plant operators and technical experts. In addition, as the United States has an aging nuclear infrastructure, many of the plants are still operating mostly with analog controls and/or safety systems, meaning they are less vulnerable to cyberattacks.