The Kudankulam nuclear power plant was hit by a cyber attack, but the attack did not cause any critical damage.
Does this mean that power stations in India are vulnerable to cyber threats?
Kudankulam Nuclear Power Plant
KKNP is the largest nuclear power plant in India, located about 650 km south of Chennai in the Tirunelveli district of Tamil Nadu.
KKNP is an Indo-Russian joint venture. Units I and II are pressurised water reactors of 1000 MWe (megawatts electric) capacity each, and both feed India's southern power grid. Four more reactor units of the same size are being added.
What happened in the Kudankulam power plant?
The Kudankulam network breach was first disclosed on October 28 in a Twitter post from an anonymous account, '@a_tweeter_user', which pointed to a data file uploaded to a cybersecurity firm's website.
Plant officials initially denied any attack. The DAE later said: "Identification of malware in NPCIL system is correct. The matter was conveyed by CERT-In (the Indian Computer Emergency Response Team) when it was noticed by them on September 4, 2019."
"Computerisation in nuclear power stations had taken a tremendous amount of time for implementation because the nuclear power generating countries were having doubts about the safety. Therefore, the systems that are involved in operating our plants are completely independent and are not connected to any other system or the internet. This is as per international safety standards," DAE Secretary KN Vyas said.
After an investigation, India's Department of Atomic Energy (DAE) revealed that a user had connected a malware-infected personal computer to the plant's administrative network.
The plant's operational network and systems are separate from, and not connected to, the administrative network.
"Security, be it physical or cyber, is one area which we should not discuss the details. But be rest assured the reactors are safe and are being monitored by the experts," said the NPCIL chairman and managing director.
Who is behind the attack?
Pukhraj Singh, a cyber threat intelligence analyst who has worked with the government and with global security teams, claimed that the Kudankulam plant was under attack. According to him, the threat was identified by a third party who contacted him, and he informed the relevant government body on September 4.
Cyber experts say that the attack on the nuclear plant was carried out with malware known as DTrack, which was used to steal the financial data of millions of Indians in 2016. A similar malware, labelled 'ATMDtrack', was found infecting Indian ATMs, suggesting a link with Lazarus, a North Korea-based hacker group. However, Pukhraj Singh says that the identification of the malware was not specific.
A group of South Korean malware analysts has, in a series of tweets, shared evidence and analysis corroborating the claims and suggesting that the attack was intended to obtain information about thorium-based nuclear power.
What is an air-gapped network?
An air-gapped network is regarded as the most secure kind of network: it is closed and cannot be reached except by physical access. Governments and private-sector organisations around the world run separate networks to limit the reach of an intrusion, and the most sensitive systems are often protected by an air gap, that is, the physical isolation of a computer or network from the internet and from other networks so that no remote breach is possible. An air gap is effective against untargeted threats, but not by itself against targeted attacks: anything carried across the gap by hand, such as removable media or a personally owned laptop, can bring malware with it. The infected personal computer plugged into Kudankulam's administrative network shows how such a device gets onto an internal network in the first place.
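The incident described above turned on an unauthorised personal computer joining the administrative network. One concrete check for that failure mode is to watch the segment's DHCP server for leases granted to devices that are missing from the asset inventory, and for known devices that suddenly report a different hostname. The following is an added example, not NPCIL or DAE tooling and not code from this article; it assumes ISC dhcpd syslog output, and the log lines, MAC addresses, hostnames and inventory are all constructed for illustration.

```python
"""Flag devices that obtained a DHCP lease on a restricted segment but are not
in the asset inventory.  Added example, not NPCIL/DAE tooling; every log line,
MAC address, hostname and inventory entry below is constructed."""
import re
from dataclasses import dataclass
from typing import Dict, List

# Constructed ISC dhcpd syslog lines.  A DHCPACK is the server granting a lease,
# so it records a host actually joining the segment; DHCPREQUEST lines are noise.
SAMPLE_LOG = """\
Sep  3 09:12:41 admin-dhcp dhcpd[1042]: DHCPACK on 10.20.4.17 to 00:1a:2b:3c:4d:5e (ADM-WS-017) via eth0
Sep  3 09:15:02 admin-dhcp dhcpd[1042]: DHCPACK on 10.20.4.18 to 00:1a:2b:3c:4d:5f (ADM-WS-018) via eth0
Sep  3 11:30:27 admin-dhcp dhcpd[1042]: DHCPACK on 10.20.4.18 to 00:1a:2b:3c:4d:5f (ADM-WS-018) via eth0
Sep  3 13:47:55 admin-dhcp dhcpd[1042]: DHCPACK on 10.20.4.91 to 3c:97:0e:11:22:33 (DESKTOP-R9J3K) via eth0
Sep  3 13:48:10 admin-dhcp dhcpd[1042]: DHCPREQUEST for 10.20.4.91 from 3c:97:0e:11:22:33 (DESKTOP-R9J3K) via eth0
Sep  3 14:05:33 admin-dhcp dhcpd[1042]: DHCPACK on 10.20.4.91 to 3c:97:0e:11:22:33 (DESKTOP-R9J3K) via eth0
Sep  3 15:20:08 admin-dhcp dhcpd[1042]: DHCPACK on 10.20.4.17 to 00:1a:2b:3c:4d:5e (MACBOOK-PRO) via eth0
"""

# Hypothetical asset inventory for the administrative segment: MAC -> expected hostname.
ASSET_INVENTORY: Dict[str, str] = {
    "00:1a:2b:3c:4d:5e": "ADM-WS-017",
    "00:1a:2b:3c:4d:5f": "ADM-WS-018",
}

# Leading "Mon dd HH:MM:SS" syslog timestamp, then the dhcpd DHCPACK fields.
ACK_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) .*?DHCPACK on (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) "
    r"to (?P<mac>(?:[0-9a-fA-F]{2}:){5}[0-9a-fA-F]{2})(?: \((?P<host>[^)]*)\))? via (?P<iface>\S+)"
)


@dataclass(frozen=True)
class Alert:
    kind: str        # "unknown_device" or "hostname_mismatch"
    ts: str
    ip: str
    mac: str
    hostname: str
    iface: str


def find_rogue_hosts(log_text: str, inventory: Dict[str, str]) -> List[Alert]:
    """Return one alert per (MAC, finding) for leases granted to devices that are
    absent from the inventory or whose reported hostname differs from the record."""
    alerts: List[Alert] = []
    seen = set()  # dedupe so lease renewals do not flood the output
    for line in log_text.splitlines():
        m = ACK_RE.search(line)
        if not m:
            continue
        mac = m["mac"].lower()
        host = m["host"] or ""          # clients are not required to send a hostname
        expected = inventory.get(mac)
        if expected is None:
            kind = "unknown_device"
        elif host != expected:
            kind = "hostname_mismatch"
        else:
            continue                    # known device, expected name: nothing to report
        key = (mac, kind)
        if key in seen:
            continue
        seen.add(key)
        alerts.append(Alert(kind, m["ts"], m["ip"], mac, host, m["iface"]))
    return alerts


if __name__ == "__main__":
    for a in find_rogue_hosts(SAMPLE_LOG, ASSET_INVENTORY):
        print(f"{a.ts} {a.kind}: {a.mac} ({a.hostname or '-'}) got {a.ip} via {a.iface}")
```

Only devices that ask for a lease show up here; a statically addressed host, or one that spoofs an inventoried MAC and hostname, will not, so this check belongs alongside switch-port controls such as 802.1X or port security rather than replacing them. The hostname-mismatch finding is a weak signal for review (a reimaged workstation triggers it too), not proof that a foreign device is using a known address.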