Government assures cyber-security intact at Kudankulam Nuclear Power Plant: What happened in 2018? Findings and Measures

The security arrangements are in place to secure India’s nuclear power plant systems from cyber-attack, confirmed Dr. Jitendra Singh, Union Minister of State (Independent Charge), Atomic Energy and Space. 

While responding on the issue of the cyber-attack on the Kudankulam Nuclear Power Plant in 2018, Dr. Jitender Singh informed that investigations had been carried out by the Computer & Information Security Advisory Group (CISAG)-DAE along with the national agency, Indian Computer Emergency Response Team. 

What happened in 2018? 

According to a report published in The Washington Post, the Nuclear Power Corporation of India Limited (NPCIL) confirmed the cyber-attack on the Kudankulam Nuclear Power Plant (KKNPP) in Tamil Nadu, in 2018 (September). The report further suggested that the nuclear power plant’s administrative network was breached in the attack but did not cause any critical damage. 

While KKNPP Site Director Sanjay Kumar said any outside network could not access the isolated network of KKNPP from any part of the globe, NPCIL statement informed that a malware attack on KKNPP was noticed on September 4 by the CERT-In (Indian Computer Emergency Response Team), which is the national agency for responding to cybersecurity incidents. 

An investigation by India’s Department of Atomic Energy revealed that a user had connected a malware-infected personal computer to the plant’s administrative network. 

What were the findings? 

VirusTotal, a virus website owned by Google’s parent company, Alphabet, suggested that a large amount of data from the KKNPP’s administrative network had been stolen.

Experts informed that such cyber-attack had been used to facilitate sabotage, theft of nuclear materials, or – in the worst-case scenario – reactor meltdown. In a densely populated country like India, radiation released from a nuclear facility would be a major disaster.

Measures taken to ensure cyber-security at Kudankulam Nuclear Power plant:

Authorization, authentication & access control mechanisms, strict configuration control and surveillance are the few measures mentioned by the Union Minister, Dr. Jitendra Singh.

He further informed that the measures implemented based on the recommendations, which include physical separation of Intranet & Internet access, secure virtual browsing terminal for dedicated internet use, secured data transfer provisions requiring authentication are in place, independent security review prior to posting of new web applications and change in LAN / infrastructural architecture, the constitution of a task force for oversight of information security posture, on IT systems in the organization, etc. and restricted usage of removable media.