As I have previously written, power plant hacking – especially on nuclear plants like Oyster Creek – is increasing in frequency and severity. Oyster Creek is particularly at risk due to its advanced age, and in fact according to the NY Times, hackers attempted to penetrate the plant’s firewall just a few weeks ago.
Why Oyster Creek and Others like It are Ripe Targets
Again, the Oyster Creek plant is old, and its systems are largely analog based, which on the surface would seem to reduce the risk. However, the plant’s proximity to the highly populous New York City area is what makes it an attractive target for hackers – simply put, sabotaging plants in densely populated areas gives the hackers more bang for their buck.
The good news is that the NRC has certain regulations that help reduce the overall risk. For example, critical plant systems must be physically separated from the internet, employees must be trained on cyber safety, and the use of removable computer media is prohibited.
Unfortunately, other malicious methods are always popping up that fall outside of NRC’s oversight. One recent attack involved fake resumes emailed to plant employees containing malicious code, and another one involved sniper activity. In addition, the NRC does not regulate administrative nuclear networks, so those connections are at risk of penetration. Hackers could also gain backdoor entry by compromising the electrical grid itself, which if shutdown could trigger the automatic and systemic shutdown of any old nukes in the area.
Ok, enough with the doom and gloom. The good news is that nuclear plant operators are largely prepared, and are generally well-equipped to mitigate a cyber-attack from a response perspective. The Oyster Creek plant even proactively submitted its cybersecurity plan to the NRC for review. It’s a never-ending battle to be sure, but with this kind of dedication and proactivity, it is one that the nuclear industry will ultimately win