Nuclear Reactors 286 - Cyberwarfare Poses Unacceptable Danger To U.S. Infrastructure Including Nuclear Power Plants
In 2010, the Stuxnet computer worm was discovered in the centrifuge control systems in Iran’s nuclear program. It did a great deal of damage to the infected systems. It was designed to influence control systems for industrial equipment. Among other things, it caused some of the centrifuges to spin so fast that they were destroyed. Although neither country has admitted anything, it is commonly assumed that the U.S. and Israel created the worm to attack Iran and retard its nuclear program.
There have been many hacking attacks on various public and private computer systems in the U.S. in the past decades. Pentagon computers have been accessed illegally raising national security concerns. Commercial databases have been hit and the financial and personal information of millions of Americans has stolen.
The Russian attack on political party email systems and voting registration databases in 2016 influenced the U.S. Presidential and Congressional elections. It has not yet been revealed to what degree these attack may have altered the outcome of the elections. This sustained and massive attack on the computer systems that underpin our democracy has brought the issue of computer attacks to broader public awareness.
There has been a growing concern over the last few years that major infrastructure like power systems in the U.S. might be attacked by malicious software in what is being called cyberwarfare. A television news show demonstrated how a computer attack could cause a generator at a power station to explode. Hydroelectric systems could be hacked to release water and flood downstream communities. Traffic systems could be hacked to cause massive traffic jams. Financial systems could be crashed wiping out billions of dollars. One of the biggest fears is that a computer attack on the systems that operate a nuclear power plant could cause a major nuclear accident that would threaten millions of people.
This week, there was a major malware attack on companies around the world. The Petya virus was something called ransomware. In this type of attack, all the records on the infected computer are encrypted and the perpetrators then demand ransom in return for a key to decrypt the files. One of the targets hit in the attack was a nuclear power plant in Chernobyl. A system that monitored radiation levels was encrypted and the operators could not access the records of operations. They had to manually monitor radiation levels.
Now ABC has reported that a U.S. nuclear power plant was also a victim of the ransomware attack. Fortunately the attack penetrated and encrypted administrative computer systems at the plant and did not hit any operational or safety systems. No safety alert was issued by the Nuclear Regulatory Commission or the International Atomic Energy Agency. This indicates that attack posed little risk to public safety or the environment.
As I have commented in the past, the level of computer security in the U.S. public and private computer systems is abysmal. Governmental computer systems at all levels are chronically underfunded and behind the latest technology including security. Private companies are too cheap to install decent security unless forced to by the government. Hopefully, this situation can be remedied before there is a truly horrific event like the melt down of a nuclear power plant.
Chernobyl Nuclear Power Plant: