The Nuclear Power Corporation of India Limited (NPCIL) has now confirmed that there was a cyberattack on the Kudankulam Nuclear Power Plant (KKNPP) in Tamil Nadu, India, in September. The attack breached the nuclear power plant’s administrative network but did not cause any critical damage. KKNPP plant officials had initially denied suffering an attack and officially stated that KKNPP “and other Indian Nuclear Power Plants Control Systems are stand alone and not connected to outside cyber network and Internet. Any Cyber attack on the Nuclear Power Plant Control System is not possible.”
So, what really happened at Kudankulam? Here’s what you need to know.
The KKNPP is the biggest nuclear power plant in India, equipped with two Russian-designed and supplied pressurized water reactors with a capacity of 1,000 megawatts each. Both reactor units feed India’s southern power grid. The plant is adding four more reactor units of the same capacity, making the Kudankulam Nuclear Power Plant one of the largest collaborations between India and Russia.
According to the NPCIL statement, the malware attack on KKNPP was noticed on Sept. 4 by CERT-In (the Indian Computer Emergency Response Team), which is the national agency for responding to cybersecurity incidents. An investigation by India’s Department of Atomic Energy revealed that a user had connected a malware-infected personal computer to the plant’s administrative network. While the plant’s operational network and systems are separate from and not connected to the administrative network, there may be a second “more serious” attack on the operational network.
VirusTotal, a virus scanning website owned by Google’s parent company, Alphabet, has indicated that a large amount of data from the KKNPP’s administrative network has been stolen. If this is true, subsequent attacks on the nuclear power plant could target its critical systems more effectively. Cyberattacks on nuclear power plants could have physical effects, especially if the network that runs the machines and software controlling the nuclear reactor is compromised. Such a compromise can be used to facilitate sabotage, theft of nuclear materials, or, in the worst-case scenario, a reactor meltdown. In a densely populated country like India, any radiation release from a nuclear facility would be a major disaster.
Who carried out the attack?
Some researchers suggest that the KKNPP attack was caused by a variant of the DTRACK virus, developed by the North Korea-linked Lazarus group. The NPCIL has not challenged these claims. However, tracing a cyberattack won’t be easy.
Source: Washington Post
Relevant for GS Prelims & Mains Paper III; Security Issues