International Atomic Energy Agency (IAEA) Director General Yukiya Amano has revealed that a nuclear power plant became the target of a highly disruptive cyber attack two to three years ago, and concluded that there is a serious threat to nuclear power stations from from militant attacks.
Amano cited a particular case an individual had attempted to smuggle a small amount of highly enriched uranium out of the plant around 4 years ago, which could have been used to create a ‘dirty-bomb’.
“This is not an imaginary risk,” Amano told Reuters and a German newspaper during a visit to Germany that included a meeting with Foreign Minister Frank-Walter Steinmeier.
“This issue of cyber attacks on nuclear-related facilities or activities should be taken very seriously. We never know if we know everything or if it’s the tip of the iceberg.”
The Director declined to provide any further details regarding either incident, other than saying that the cyber attack had cause ‘some disruption’ at the plant. It was not serious enough however that the plan had to close down its entire operation. He confirmed that this was the first time that the cyber attack had been discussed in public.
“This actually happened and it caused some problems,” he said, adding while the plant did not have to shut down, it “needed to take some precautionary measures.”
He said that the attack was disruptive and not destructive, a term applied to cyber incidents such as the 2014 attack on Sony Pictures. This attack destroyed data on systems and rendered entire networks inoperable.
Concerns about cyber attacks have grown massively, particularly since the emergence of worms such as Stuxnet which can infiltrate nuclear facilities and interfere with their operation. The threat from terrorism is also very real, given that the suicide bombers that killed 32 people in Belgium back in March originally looked at targeting a nuclear power station.
Korea Hydro & Nuclear Power Co Ltd, which operates 23 nuclear reactors in South Korea, said in 2014 that it was increasing its cyber security defences following an attack where data was stolen from their computer systems.
In April, German utility RWE increased its security after its Gundremmingen nuclear power plant was discovered to be infected with malware. The company confirmed that this malware did not pose a threat to their operations.
While there are known risks to industrial control systems, these vulnerabilities are complex to exploit, and are likely to be beyond the capability of terrorist organisations. There are however some flaws within industrial control systems that need to be addressed.
Amano said the U.N. agency was helping countries increase cyber and overall nuclear security through training and a detailed database that included information from 131 countries, and by providing them with radiation detection devices.
Since 2010, the IAEA said it had trained over 10,000 people in nuclear security, including police and border guards, and has given countries more than 3,000 mobile phone-sized instruments for detecting nuclear and other radioactive material.
Amano flagged the issue at an IAEA cyber security conference in June 2015, and said it will be key topic at a broader nuclear security summit in Vienna in December.
Like this post?
Share it with your network!
What do YOU think about threat to nuclear facilities?
I’d love to hear YOUR comments!