Part Two of Two Parts (Please read Part One first)

        In order to cope with national cybersecurity threats, it is recommended that a single federal agency be created to be responsible for cybersecurity preparedness, response, and recovery across the entire electric power sector, including both bulk power and distribution systems. Such an undertaking will obviously require years of effort.

       My blog is about nuclear issues so the big question that I have is whether or not the Russian hacking has penetrated the control systems for U.S. nuclear power plants. Fortunately, the reports and studies on this question say that the Russians cannot hack our nuclear infrastructure as far as operations or safety systems are concerned. It is likely that they have penetrated administration computers at nuclear power plants, but this is more of an annoyance than a serious threat to the grid or U.S. citizens. A recent joint report from the DHS and the FBI said, “There is no indication of a threat to public safety [from hacking of our nuclear plants] as any potential impact appears to be limited to administrative and business networks.”

      The nuclear power plants in the U.S. are one of the best protected of all infrastructure systems from cyber threats. The safety and control systems for U.S. nuclear power reactors and other critical plant components are not connected to the plant’s administrative systems or the Internet. A representative of the Nuclear Energy Institute has said that there is no evidence of any U.S. power reactor’s operation being influenced by hacking.

       In normal business practices, computers are protected by software and hardware firewalls to protect them from malicious intrusion. However, nuclear power reactors are so important and dangerous that conventional firewalls are not enough. Nuclear power plants utilize a system that permits one-way flow of information. Data can be sent out of the plants, but it cannot be sent into plants. If outside laptops or thumb drives need to be used for some purpose, they are thoroughly checked for any hostile code.

       David Blee, Executive Director of the National Nuclear Infrastructure Council recently said, “United States utilities with nuclear assets have very robust cyber security programs dating back to the days of Y2K. Operational plant systems controls are segregated from normal business software by several layers of protection, including physical means.”

      Computer hacking has been commonplace these days. It is estimated that computer intrusions cost the world over four hundred and fifty billion dollars in 2016. The world Internet has not developed a robust immunity system which will be necessary if we intend to keep using computers for critical functions in our society. Google’s Project Zero has created an elite cyber SWAT team that cruises the Internet looking for problems.

      The immune system of the nuclear industry is one of the best developed such systems in the world. A great deal of the equipment that operates nuclear power plants is still analog which helps provide protection. In addition, the U.S. nuclear infrastructure is more closely monitored than any other industry. A spokesperson for the U.S. Nuclear Regulatory Commission says that it is notified immediately if a cyberattack has penetrated any safety, security or emergency preparedness systems of a U.S. nuclear power plant. The new generations of nuclear power reactors being developed are incorporating the most advanced cybersecurity available.

China National Nuclear Corp (CNNC) has expressed an interest in investing in Bulgaria’s 2,000 megawatt nuclear power project Belene, Energy Minister Temenuzhka Petkova said on Friday. Reuters.com

Signatories to Iran’s 2015 nuclear agreement with world powers have held a new round of their periodic meetings to review its implementation amid US threats to kill the multilateral accord.  Presstv.com

The revelation comes as Europe’s top military commander warned Russia’s submarine activity is now at its highest levels since the Cold War. Thesun.co.uk

Southern California Edison has named a panel of experts to advise the company on how to move nuclear waste off the storage site near the beach at San Onofre. Kpbs.org

 

 

U.S. Secretary of State Rex Tillerson’s firing is reverberating across a Middle East where Iran fears his replacement will fight to end the 2015 nuclear deal, a hope of Gulf Arab states as Palestinians worry about a further-emboldened nationalist Israeli government. Usnews.com

Unit 3 of the Ohi nuclear power plant in Japan’s Fukui Prefecture reached criticality this morning, operator Kansai Electric Power Company announced. The reactor – the sixth to be restarted after clearing the country’s revised safety regulations – is expected to resume commercial operation early next month. World-nuclear-news.org

The US Nuclear Regulatory Commission (NRC) has issued a confirmatory order to Entergy Nuclear Operations, Inc and Entergy Operations, Inc, documenting actions they have agreed to take to implement programs designed to prevent wilful misconduct at their fleet of seven operating nuclear power plants. World-nuclear-news.org

Russia’s first ship-based nuclear power plant will set sail in late April from its St. Petersburg mooring on its way to Murmansk, a near-coastal port off of the Barents Sea, where it will be loaded with fuel, according to a report from Russian media outlet Tass. Nuclearstreet.com

 

 

A nuclear plant project in southwest England has made good progress in supply chain management but some improvements are needed before construction accelerates, an inspection has found. Uk.reuters.com

For Pakistan’s nuclear managers today, matching Indian nuclear capabilities is all that matters, says a new book which critically examines how and why the neighboring country acquired its nuke weapons and many related issues. Business-standard.com

Saudi Arabia’s crown prince has announced his country’s readiness to develop nuclear weapons in the event that Iran heads in that direction. Aljezeera.com

IAEA Director General Yukiya Amano commended efforts by Pakistan to increase nuclear safety and security as the country works to triple its nuclear power capacity. Mr Amano was also briefed on the use of nuclear technology in health care and agriculture. Mr Amano was in Pakistan on 12-14 March. Iaea.com

 

Part One of Two parts

       In the year 2000, the U.S. Federal Government computer networks were attacked by foreign entities. In reaction to these intrusions, Congress created the Federal Computer Incident Response Center (FedCIRC) at the General Services Administration. The FedCIRC was designed to be central hub to coordinate and share information between federal organizations.

       When the Department of Homeland Security (DHS) was created in 2002, the duties of the FedCIRC were transferred to the DHS. In 2003, FedCIRC changed its name to U.S. Computer Emergency Readiness Team or US-Cert. Its mission was enlarged to provide boundary protection for the federal civilian executive computers and leadership in the field of cybersecurity. With the passage of time, US-CERT has become a trusted agency and reliable source of information about cyberspace for the Federal government, state and local governments, private businesses and international organizations.

       One of the main things that US-CERT does is to receive reports of computer security incidents within the U.S. Federal Government. An incident is considered to be a violation or imminent threat of violation of computer security policies, acceptable use policies or standard security practices. After collecting incident reports, studies are conducted, and conclusions reported. The US-CERT publishes Weekly Vulnerability Bulletins, Technical Alerts, Current Activities entries and Tips.

       Yesterday, US-CERT published an alert that said that Russia had hacked into the computers of many government agencies and U.S. companies in the energy, nuclear, commercial facilities, water, aviation and critical manufacturing sectors – in summary, they have infiltrated a lot of our critical national infrastructure. The Russians have been doing this for years including the massive attack on our 2016 elections, but we have done little to respond or stop these intrusions to date.

      Our national electrical grid is system of systems. It is managed by thousands of people, computers and manual control systems. Data is supplied by thousands of sensors connected by a variety of communication networks. Over the next twenty years, especially with the much-publicized Internet of Things, there will be a great deal more data traveling over the national grid than electricity.

       MIT recently published report in which they said that it will be impossible to completely protect the national grid from cyberattacks or accidents. In view of this reality, MIT said that we need to have mechanisms in place to quickly respond to intrusions and quickly restore the security and operation of the grid. These mechanisms should be spread to every entity connected to critical grid infrastructure.

       The U.S. National Institute of Standards and Technology Cybersecurity Working Group has identified one hundred and thirty-seven types of interconnections between different systems in the national grid. It is assumed that eventually every smart meter and most sensors and critical pieces of equipment will be equipped with their own communication modules. Components and software will be supplied from hundreds of different companies. The North American Electric Reliability AInfrastructure Protection standards covering the national power system, but no organization presently has responsibility for overseeing grid cybersecurity across all aspects of our energy systems.

Please read Part 2