Cyberwar has been in the news a lot lately. The recent hacking of Sony Pictures and the withdrawal of the movie the "Interview" have spawned many debates about the dangers of cyberattacks. When the hackers threatened to bomb movie theaters, the Department of Homeland Security became involved. While attacks on corporations and government agencies are troubling, the real danger lies in cyberattacks on our financial systems and on utilities. We are living in a house of cards with respect to the security of our computers and communication systems.
Lately there has also been a great deal of concern over the dangers represented by nuclear reactors in a theater of war. They would represent idea targets for terrorists. They might be abandoned during a conflict and proceed to have a major nuclear accident. Either side in a conflict could occupy a nuclear power plant, inviting assault by the other side. A reactor could be hit by an artillery shell by accident or on purpose. And, finally, in keeping with the theme of this article, a nuclear reactor could suffer a cyberattack that could result in a nuclear catastrophe.
This idea is not just theoretical. Several years ago, the Iranian computer systems controlling their nuclear research were hit by the Stuxnet virus which interfered with industrial processes and damaged some equipment. Many experts think that the Stuxnet virus was created and released as a collaboration between the U.S. and Israel to prevent Iran from obtaining a nuclear weapons capability. So there is a precedent for cyberattacks on an opponent's nuclear facilities.
The war between North Korea and South Korea never officially ended. N.K. has a huge standing army and maintains a belligerent attitude toward the South to this day, sixty years after the fighting in Korea War stopped. N. K. has been blamed for the Sony hacking but the evidence seems to be thin. In any case, one of the reasons that attention has been focused on N.K. is because some of the computer code uncovered in the Sony hack was very similar to N.K code that was discovered in a hack of the S.K. financial sector.
S. K. has twenty three operating nuclear reactors. They have just announced that the Korea Hydro and Nuclear Power Company, Limited (KHNP) suffered a cyberattack but they say that "only non-critical data has been lost and there is no risk to the safety of South Korean nuclear installations."
Authorities in S.K. are carrying out a criminal investigation of the theft of KHNP internal documents. Some of the stolen information has already been released including blueprints of some nuclear reactors, electricity flow charges and radiation exposure estimates. The attackers claim affiliation with anti-nuclear groups and are threatening to release more internal documents from KHNP unless three aging nuclear reactors in S.K. are immediately shut down and decommissioned.
S.K. claims that the control systems of its nuclear power reactors are designed to prevent any cyberattack that could threaten the safe operation of the reactors. They say that the nuclear power reactors computer control systems are completely separate and isolated from any outside influence such as a cyberattack. Perhaps that is true in S.K. but what about all the other countries that have nuclear power reactors? It is important that we do a better job of protecting our IT infrastructure from cyberattacks in general. But the danger of a cyberattack on a nuclear power plant must be minimized as much as possible as soon as possible. If only one plant was seriously compromised anywhere in the world by a cyberattack, public opinion and investor interest would quickly turn against nuclear power in general.