Have hackers found an easy target in the country's Power Sector?
By MYBRANDBOOK
How much critical information did North Korea’s Lazarus group manage to access in their cyber attack on the Kudankulam Nuclear Power Plant (KKNPP) in early September 2019?
The KKNPP, run by the Nuclear Power Corporation of India Limited (NPCIL) boasts two of the most advanced nuclear reactors in operation. Designed by the Russians, these VVER pressurised water reactors have a capacity of 1,000 megawatts each with both units feeding into the southern power grid. Four more reactors are under construction in Kudankulam, each with a 1000 megawatts capacity.
The hostile cyber-attack gains significance given the increasing state of hostilities in the subcontinent with analysts speculating that the Lazarus group could well have passed on information of a critical nature to countries whose interests are inimical to those of India.
The detection of malware software detected at Kudankulam must also be seen against the backdrop of India’s power sector facing continuous cyber attacks. The power sector is reporting 30 such attacks on a daily basis and so the significance of this attack cannot be underestimated.
Experts warn that the power infrastructure could be the next target of terrorists, given that today India has one integrated national power grid and attacking power installations is an effective way to cripple the economy.
Cyber expert Prof. Huzur Saran, heading the Department of Computer Science and Engineering at IIT, Delhi, admits that the extent of the breach that occurred at KKNPP will never be known because no institution will go public with such information.
But such attacks are on the rise.
China is known to have created a cyber offensive force with a strength of over 10,000 people. This information was reported some time ago and they could well have expanded their strength. These are trained professionals who are dedicated to this task. Pakistan could well have over 500 to 1000 experts trained in cyber-attacks,” said Prof Saran.
All defensive operations require a great deal of co-operation. To cite an example, Prof Saran cites, how governmental agencies need to develop a great deal of co-operation between all the electricity grid operators in order to withstand cyber-attacks.
Experts are not willing to hazard a guess on the strength of the cyber force developed by North Korea but analysts warn that the majority of their state sponsored operations take place from outside their country. Some experts warn that one-fifth of their operations are being launched from India itself, since India is known to have a sizeable number of North Korean students studying in Indian universities.
Nuclear experts also question NPCIL officials’ response to this malware attack. Initially, NPCIL denied that such a breach had occurred in the first place. Then they went on to insist that although the attack had occurred, it had infiltrated only the administrative section and not the crucial operational sector.
Minister of state for Atomic Energy and Space Jitendra Singh informed the Lok Sabha last week that the attack was confined to the ‘administrative office’ of the plant. “It happened in the administrative internal circuit block of the KKNPP,” he said, going on to insist that there was a reliable mechanism of cyber security in place to protect the critical internal networks of nuclear plants.
What Singh was referring to was the air gap system by which the key computer controls that run the plant are protected from the administrative section.
Singh is however being optimistic, say the experts. Prof Saran points out that there can be no fool proof system in place. `Regular communication has to be maintained between the core network and the administrative section. You always need to exchange data. Suppose some bug comes in when data transfer is taking place then information does get passed on,’ said Prof Saran.
Air gapped systems are effective against unsophisticated attacks but definitely not against targeted attacks.
Leading nuclear physicist, Prof Rajaraman, emeritus professor of theoretical physics at JNU and member of the International Panel on Fissile Materials also believes that, each country has to safeguard against cyber attacks. It is for this reason that the Chinese are developing their own software. Of course, for the present we have to go by what NPCIL is telling us, that the attack affected parts of the administrative systems which are separated from the reactor,’ said Dr Rajaraman.
Prof Saran cites the example of the Stuxnet (a malicious computer worm) attack known to have entered Iran’s Natanz uranium enrichment facility despite it being air gapped. This attack is reported to have been orchestrated by the US and Israel.
News of the KKNPP hacking was broken by VirusTotal, which is a virus scanning website owned by Google’s parent company Alphabet. The company believes that a large amount of data was stolen in this heist.
Cyber attacks are known to take place against nuclear installations. There are 20 such recorded incidents having occurred amongst other countries in France and the US. Experts believe that increasing digitalization could see an increase in such attacks.
This is not the first time that North Korean cyber attackers have targeted Indian institutions. ISRO’s National Remote Centre and the National Metallurgical Laboratory are known to have faced such attacks in the past.
India’s security managers need to develop much stronger safeguards to protect their strategic installations especially in the power sector.
These include nuclear power reactors given that nuclear plants are presently producing 9000 MW of power.
Nine more reactors are on the pipeline. These are being built at enormous financial costs. Allowing these power plants to get compromised will adversely affect our security and economic shield.
(The article first appeared in nationalheraldindia.com and is authored by Rashme Sehgal)
Adani Ports to acquire 95% of the Gopalpur Port in Odisha
For ₹13.49 billion, Adani Ports would purchase a 95% ownership in Gopal...
Zoom introduces Workplace to provide AI support during meeting
Zoom Video Communications has announced Zoom Workplace, its AI-powered, op...
22 startups valued above ₹10,000 cr are being run by former
According to Private Circle, around 22 firms founded by former Paytm employ...
Tech Mahindra and IBM to accelerate digital adoption in APAC
Tech Mahindra has announced the opening of a Synergy Lounge, in collabora...
TAC SECURITY SOLUTIONS
IBALL WORLDWIDE PVT. LTD.
TVS ELECTRONICS LTD.
NUMERIC INDIA, A Group Brand Legrand
Technology Icons Of India 2023: Ashish Kumar Chauhan
Ashish works as the CEO of the National Stock Exchange (NSE). He is al...
Technology Icons Of India 2023: Ashwini Vaishnaw
Ashwini Vaishnaw is an Indian politician and former IAS officer and is...
Technology Icons Of India 2023: Shailender Kumar
Shailender Kumar is senior vice president and regional managing direct...
INDIANOIL helps reach precious petroleum fuels to every nook and corner of the country
IndianOil, a diversified, integrated energy major with presence in alm...
STPI encouraging software exports from India
Software Technology Parks of India (STPI) is an S&T organization under...
DRDO is India's largest and most diverse research organisation
DRDO is the R&D wing of Ministry of Defence, Govt of India, with a vis...
TECH DATA, A TD SYNNEX COMPANY
Tech Data Corporation was an American multinational distribution compa...
IRIS GLOBAL SERVICES PVT. LTD.
Iris Global services is one of the leading distribution houses that d...
TEXONIC INSTRUMENTS
Texonic has carved a niche for itself in the Technology Distribution i...