A nightmare scenario unfolded a couple of years ago when a cyberattack targeted a nuclear power facility. The circumstances and details about the attack have been shrouded in mystery as Yukiya Amano, director of the International Atomic Energy Agency (IAEA), has chosen not to disclose such information. What is known is that the power plant in question has been by a cyberattack within the last three years. Processes were disrupted but the plant was not shut down. But make no mistake, the threat was very real and is a serious problem, according to the Director Amano and the IAEA.
Cyber threats to nuclear power plants and facilities were never on the radar of most cyber security experts, let alone the general public. This event and the precedence it sets brings about a whole new headache for security experts, both public and federal. The disruption or destruction of one of these facilities can have devastating consequences. Halting energy production can cripple entire cities and regions of a country. While, causing a catastrophic failure would surely end in fatalities, irradiation of the environment and loss of a critical power source.
As more and more countries replace coal plants with nuclear power plants, the number of potential targets for these kinds of attacks is growing. The UK has seven active power plants and the United States has sixty plants in thirty states helping to power their countries. Imagine the ramifications should a single one of those plants suffer a massive disruption or meltdown. The literal fallout will be devastating.
This kind of attack was made possible by a type of malware developed to weaken and then hijack industrial controls. The use and distribution of this type of malware has recently seen a spike in recent years. Besides this specific incident, no other nuclear power plants have reported any disruption to operations due to a cyberattack, however that does not mean that nuclear facilities do not receive their fair share of cyber threats. In 2014, Korean power plant operators had to re-evaluate their system security and counter measures after a hack resulted in the theft of “non-critical data” from their network. In mid-2015, a German nuclear power plant operator noticed that their systems kept on getting infected by viruses.
Thankfully, there has been no major or irreparable damage caused by these attacks. The disruption in operation was small enough to be handled or had very little effect on performance. However, it is hard to shrug the notion that this type of cyberattack is just in its infancy. Now that hackers and criminals know that breaching nuclear facilities is possible, they will undoubtedly improve and refine their tactics to increase their odds of success. Needless to say, we have not seen the last of these attacks. The hard part is that we as civilians are almost powerless in the face of it all. The public must rely on the hard work and vigilance of a trained few to ensure the safety of our energy sources and, equally so, our lives.