Posted on 06/28/2017 7:44:12 AM PDT by MarchonDC09122009
SECURITY: Nuclear breach opens new chapter in cyber struggle
https://www.eenews.net/stories/1060056628
Blake Sobczak and Peter Behr, E&E News reporters
Energywire: Tuesday, June 27, 2017
Electricity-sector officials have confirmed an investigation by U.S. authorities into a cyber event targeting U.S. nuclear facilities this year. Graphic: Claudine Hellmuth/E&E News; Photo: Pixabay.
U.S. authorities are investigating a cyber intrusion affecting multiple nuclear power generation sites this year, E&E News has learned.
There is no evidence that the nuclear energy industry's highly regulated safety systems were compromised. But any cybersecurity breach, targeted or not, at closely guarded U.S. nuclear reactors marks an escalation of hackers' probes into U.S. critical infrastructure.
Electricity-sector officials confirmed yesterday that they are working to unpack the significance of the secretive cyber event, code named "Nuclear 17."
Asked about the case, a representative from the North American Electric Reliability Corp. (NERC) said the nonprofit grid overseer "is aware of an incident" and has shared information with its members through a secure portal.
U.S. energy utilities pass around information on the latest hacking threats and vulnerabilities through NERC's Electricity Information Sharing and Analysis Center. That organization "is working closely with the government to better understand any implications this incident might have for the electricity industry," NERC spokeswoman Kimberly Mielcarek said in an emailed statement.
E&E News has reached out to nearly two dozen owners and operators of nuclear power plants for comment. None of the companies that replied by last night shared additional information on the incident, the details of which may be classified.
The case apparently was not severe enough to trigger the public safety alert systems at the Nuclear Regulatory Commission or the International Atomic Energy Agency. Those facts, paired with subsequent statements from operators, strongly indicate that the episode never put nuclear safety directly or immediately at risk.
Patrick Flynn, a spokesman for the utility operator Scana Corp., said "there has been no impact" to its main V.C. Summer Nuclear Generating Station, and added that two expansion units "are being designed and constructed with measures to ensure cybersecurity is protected."
Entergy Corp., which owns and operates nuclear plants across several states, from Louisiana to New York, declined to offer details about the incident, citing corporate security policy. "In keeping with our rigorous procedures to protect our computers and other information systems from cyber and physical harm, Entergy is aware of, but has not been affected by, the recent cyber incident named 'Nuclear 17,'" spokeswoman Emily Parenteau said in an emailed statement.
Omaha Public Power District, whose only nuclear asset at Fort Calhoun Station is permanently offline and undergoing decommissioning, said in a statement that it was aware of the incident but declined to share details, aside from pointing out that its facilities were not affected.
Nuclear 17 and recent threats
An incident of this kind would almost certainly attract the attention of the Department of Homeland Security and the broader intelligence community, though a DHS spokesman did not confirm whether the agency was involved yesterday. If the threat rises to a certain level, members of Congress with intelligence oversight would also be looped in. Senate staff members would not confirm if they're looking into the nuclear breach when asked for comment yesterday afternoon.
Even relatively routine cyber intrusions at sensitive facilities can trigger a high-level response from government and industry, given the potential stakes involved. In another recent nuclear breach, a South Korean state-owned utility reported losing potentially sensitive data to hackers in 2014 and 2015, though the attackers didn't get into operational systems (Energywire, July 14, 2015).
Earlier this month, however, back-to-back cybersecurity warnings from U.S. officials put grid operators on high alert.
The twin threats came from Hidden Cobra, the U.S. government's nickname for North Korean government-sponsored hackers, and Electrum, a separate group that cybersecurity firm Dragos Inc. has linked to a first-of-its-kind hacking tool designed to disrupt power grids.
NERC posted its first public alert of the year this month about that grid-focused malware, which Dragos calls "CrashOverride." Experts claim it was used last December to briefly knock out power to part of Ukraine in an attack tentatively linked to Russia-based hackers. DHS issued its own alert about CrashOverride, then followed up with a separate report on a far-reaching campaign of North Korean cyber activity hitting "critical infrastructure sectors" in the United States and globally.
It's not clear where Nuclear 17 fits into that timeline of recent cyber events. But even if it never jeopardized nuclear processes or grid reliability, a successful breach of non-safety systems at a nuclear power plant is troubling, said David Lochbaum, director of the Nuclear Safety Project for the Union of Concerned Scientists.
"If they are able to introduce mayhem there, what else could they do?" he said.
Nuclear plants had an extra margin of safety in their legacy controls that were "old tech" and thus harder for outsiders to penetrate. "As more and more systems are converted to digital controls, there could be more and more opportunities for problems to crop up, deliberate or inadvertent," Lochbaum said.
"The Nuclear Regulatory Commission and the industry are not unaware of that threat," he added.
Even if safety systems were not apparently affected as part of Nuclear 17, malicious actions directed against comparatively less critical equipment could still have knock-on effects if hackers managed to unexpectedly disconnect a nuclear plant from the grid, experts say.
Such a sudden disruption would send a pressure "pulse" back to the reactor and turbine, which would still be generating electricity with no place to send it. The reactor would immediately "trip," setting in motion a series of planned actions designed to bring the reactor to a safe shutdown condition.
Control rods would halt the reactor chain reaction, and depending on the type of reactor, valves would open to dissipate energy and backup systems would be triggered. "It's something that has been anticipated," Lochbaum said. "Plants are designed to handle an instantaneous loss of load."
However, "that response is all predicated on all those things working right," Lochbaum added. "Even though it's highly reliable, it's not guaranteed."
It's not clear if the Nuclear 17 breach posed such a risk, and investigators are still analyzing the incident. If it does emerge that hackers were specifically targeting the nuclear sites, there will be no shortage of potential culprits.
"When it comes to nuclear, let me tell you everyone's interested," William "Bill" Evanina, director of the National Counterintelligence and Security Center, said at a nuclear regulatory conference earlier this year.
The scant public information so far makes it difficult to draw conclusions, noted Ralph Langner, a control system security consultant who dissected the secretive Stuxnet worm that infected Iranian nuclear centrifuges in the late 2000s.
"If it's not safety-related, we're probably not talking about a 'nuclear' incident per se," said Langner, who added that he had not heard about Nuclear 17 prior to being contacted by E&E News. "If you take the safety part away, a cyber incident in a nuclear power plant would be just like a cyber incident in any other power plant: a hydro plant, a coal-fired plant, etc."
Langner pointed to an incident last year that involved old computer viruses cropping up in a nuclear environment in Germany, "not at all" representing a serious, targeted attack on a nuclear environment, he said.
Twitter: @BlakeSobczak Email: bsobczak@eenews.net
© 1996-2017 Environment & Energy Publishing, LLC
Related:
http://www.dailymail.co.uk/news/article-4647098/At-1-power-plant-s-computer-systems-hacked.html
Challenge issue: it takes Industrial Control Systems vendors 150 days on average to patch vulnerable power plant SCADA systems...
Follow related issue updates:
http://www.securityweek.com/scada-ics
Last time I heard, none of the Reactors in the USA are connected to the internet for this reason.
Mirror backup systems NOT connected to the internet might help...
Pretty much all modern PLC hardware is accessed, programmed and if necessary, viewed using a personal computer. The PC may or may not be connected to the internet - I'd say the vast majority are NOT.
If the nuclear power plants want to be safe from hacking, they should just run their network through Hillary’s server or hire the Pakistani IT techs that worked for the DEMS.
Wrong.
See below findings.
Note - Hackers also get into ICS crucial server sys admin accounts via wireless SCADA system network vulnerabilities, or service vendor maintenance dial-up lines or FTP services.
Unheeded cybersecurity threat leaves nuclear power stations open ...
https://phys.org/news/2015-10-unheeded-cybersecurity-threat-nuclear-power.html
Oct 19, 2015 ... The report also found that power plants rarely employ an “air gap” (where ... in nuclear power plants were designed in an era before the internet ...
Researchers Hack Air-Gapped Computer With Simple Cell Phone ...
https://www.wired.com/2015/07/researchers-hack-air-ga...
Jul 27, 2015 ... The most sensitive work environments, like nuclear power plants, ... Usually this is achieved by air-gapping computers from the Internet and ...
SECURITY: Nuclear breach opens new chapter in cyber struggle
SECURITY: Nuclear breach opens new chapter in cyber struggle
SECURITY Nuclear breach opens new chapter in cyber struggle
Okay, I got it the FIRST time. (lol)
DJT admin saw the importance of this crucial issue and signed corresponding EO to get gov’t and industry to immediately address improving power grid system & plant security posture:
I have what some may say is a dumb question?
What in the hell are the control systems of nuclear power plants doing connected to the “cyber” world in the first place!! I think those systems could & should be separate from the personnel communications systems, and NOT connected at all to the “cyber” world.
My same dumb question applies to all the power plant systems.
Yes, the personnel need to communicate information to higher ups. To me that does not require the control systems of the plant to be connected to the cyber world at all.
If there is solid proof of this, then inform the NRC. All nuclear plants are to be digitally secured under Code of Federal Regulations, 10CFR73.54. This is a public document, available to anyone.
Any plant found with a vulnerability would be subject to fines and shutdown.
You are correct.
However, true “security” is in the eyes of the beholder.
Audits are self-conducted “Binderware” affirmations of how good the security posture is.
Senior corp IT audit manager from one of the largest international energy management operations companies reached out two years ago for open position helping address their client IT Security audits.
During the course of the conversation learning their pain points with chemical plant IT security audits, he was asked, “How are the IT security audits going with the power plants they manage?”
He responded, “Oh, that’s right, that’s something we need to get on, too.”