U.S. nuclear power plants bolster defenses against cyberattacks

Published 2 September 2010

The threat to digital systems at the U.S. nuclear power plants is considerable — especially for new nuclear power facilities that would be built in the United States and throughout the world, as control rooms would employ digital systems to operate the plants; these state-of-the-art instruments and systems make them targets for hackers

An attractive target // Source: blogspot.com

The threat to digital systems at the U.S. nuclear power plants is considerable, but the sector is better prepared to defend against potentially devastating cyberattacks than most other utilities, according to government and industry officials and experts.

Cyberattacks have been an increasing source of concern in recent years but the threat was highlighted in July by the first discovery of malicious code specifically formulated to target the systems that direct the inner operations of industrial plants (“Malicious virus targets SCADA systems,” 20 July 2010 HSNW). To date the malware is thought to have infected more than 15,000 computers worldwide, mostly in Iran, Indonesia and India.

Global Security Newswire’s Martin Matishak writes that the issue is critically important for new nuclear power facilities that would be built in the United States and throughout the world as control rooms would employ digital systems to operate the plants. These state-of-the-art instruments and systems make them targets for hackers.

A U.S. Nuclear Regulatory Commission (NRC) spokeswoman declined to say whether there have been any cyber strikes against the U.S. nuclear power sector. Security events, including a computer-based attack at an energy facility, would be “sensitive information” and therefore not released to the public, she told Matishak.

There have been no cyberattacks to date on U.S. nuclear facilities, according to Doug Walters, vice president of regulatory affairs at the Nuclear Energy Institute (NEI), a policy organization of the nuclear power and technologies industry.

Cyberattacks are “no different from other military activities, in that power grids are a normal target for guerrillas and militaries. It’s something they usually try to attack if they get into a conflict,” James Lewis, a senior fellow at the Center for Strategic and International Studies, said during an interview last week.

Nuclear power plant owners and operators “have been encouraged for a long time to think about security and to put a lot more effort into it than most civilian enterprises,” he told Matishak. “The question is how vulnerable are they so someone using remote access to send damaging commands and I think the answer is they’re not particularly vulnerable.”

Lewis said experts know other nations, possibly including China and Russia, have conducted reconnaissance for potential weak spots in the U.S. power grid and “we don’t know what they left behind.”

People with nuclear power plants ought to be and thus are, more careful about this because it’s easier in the imagination to envision what happens