In one instance a cyberattack had breached the cyber defenses of a nuclear power plant.
In a significant development designed to protect the homeland against cyberattacks, the U.S. Department of Energy stated it is in the process of helping U.S. firms defend themselves against a hacking campaign that is targeting power companies, including nuclear plants.
It has made it clear that the attacks have not had any impact on the electricity generation capability or the grid.
News of the attack on U.S. energy infrastructure came to light when Reuters reported that the Federal Bureau of Investigation along with the U.S. Department of Homeland Security had issued a notification, June 28, which alerted industrial firms and warned them of being hacking targets.
“DOE is working with our government and industry partners to mitigate any impact from a cyber intrusion affecting entities in the energy sector,” said a representative from the Department of Energy.
“At this time, there has been no impact to systems controlling U.S. energy infrastructure. Any potential impact appears to be limited to administrative and business networks.”
At this juncture, it isn’t clear who was responsible for the attack. However, both the FBI and the DHS have described the cyberattacks as “an advanced persistent threat”.
As per a report from Bloomberg which cited current and former U.S. officials on the condition of anonymity, the nuclear facility at Wolf Creek in Kansas was among the dozen targets of the cyberattack in which the security had been breached.
As per a representative from the Wolf Creek Nuclear Operating Corp, the plant continues to operate within existing safety parameters. He declined to say whether the cyber defences of the plant was hacked.
“There has been absolutely no operational impact to Wolf Creek. The reason that is true is because the operational computer systems are completely separate from the corporate network,” said Jenny Hageman, the company’s spokeswoman.
As June 28 security bulletin from DHS included details of code used in a hacking tool, this suggests that hackers had most likely sought to use the password of a Wolf Creek employee to access its network.
“Historically, cyber actors have strategically targeted the energy sector with various goals ranging from cyber espionage to the ability to disrupt energy systems in the event of a hostile conflict,” reads the DHS bulletin.
“Perhaps the biggest vulnerability nuclear plants face from hackers would be their getting information on plant designs and work schedules with which to conduct a physical attack,” said David Lochbaum, a nuclear expert from the nonprofit group, Union of Concerned Scientists.
He went on to add, reactors have a certain amount of immunity from cyberattacks since their operating systems are separate from those of a digital business network.
“Security professionals from government and industry are working closely to share information so energy system operators can defend their systems,” said a representative from the U.S. Department of Energy.
As per Scott Burnell, the spokesman for The Nuclear Regulatory Commission, it has not received any notifications of a cyber event that has affected critical systems at a nuclear plant.