Part Two of Two Parts (Please read Part One first)
In order to cope with national cybersecurity threats, it is recommended that a single federal agency be created to be responsible for cybersecurity preparedness, response, and recovery across the entire electric power sector, including both bulk power and distribution systems. Such an undertaking will obviously require years of effort.
My blog is about nuclear issues so the big question that I have is whether or not the Russian hacking has penetrated the control systems for U.S. nuclear power plants. Fortunately, the reports and studies on this question say that the Russians cannot hack our nuclear infrastructure as far as operations or safety systems are concerned. It is likely that they have penetrated administration computers at nuclear power plants, but this is more of an annoyance than a serious threat to the grid or U.S. citizens. A recent joint report from the DHS and the FBI said, “There is no indication of a threat to public safety [from hacking of our nuclear plants] as any potential impact appears to be limited to administrative and business networks.”
The nuclear power plants in the U.S. are one of the best protected of all infrastructure systems from cyber threats. The safety and control systems for U.S. nuclear power reactors and other critical plant components are not connected to the plant’s administrative systems or the Internet. A representative of the Nuclear Energy Institute has said that there is no evidence of any U.S. power reactor’s operation being influenced by hacking.
In normal business practices, computers are protected by software and hardware firewalls to protect them from malicious intrusion. However, nuclear power reactors are so important and dangerous that conventional firewalls are not enough. Nuclear power plants utilize a system that permits one-way flow of information. Data can be sent out of the plants, but it cannot be sent into plants. If outside laptops or thumb drives need to be used for some purpose, they are thoroughly checked for any hostile code.
David Blee, Executive Director of the National Nuclear Infrastructure Council recently said, “United States utilities with nuclear assets have very robust cyber security programs dating back to the days of Y2K. Operational plant systems controls are segregated from normal business software by several layers of protection, including physical means.”
Computer hacking has been commonplace these days. It is estimated that computer intrusions cost the world over four hundred and fifty billion dollars in 2016. The world Internet has not developed a robust immunity system which will be necessary if we intend to keep using computers for critical functions in our society. Google’s Project Zero has created an elite cyber SWAT team that cruises the Internet looking for problems.
The immune system of the nuclear industry is one of the best developed such systems in the world. A great deal of the equipment that operates nuclear power plants is still analog which helps provide protection. In addition, the U.S. nuclear infrastructure is more closely monitored than any other industry. A spokesperson for the U.S. Nuclear Regulatory Commission says that it is notified immediately if a cyberattack has penetrated any safety, security or emergency preparedness systems of a U.S. nuclear power plant. The new generations of nuclear power reactors being developed are incorporating the most advanced cybersecurity available.
