The FBI and the Department of Homeland Security recently issued a joint report indicating that since May 2017, nuclear power plant hacking has been on the rise. At this point, the FBI says that “there is no indication of a threat to public safety.” Well, that’s certainly reassuring!
What We Currently Know About the Power Plant Hacking
Officials have not yet determined the origin of the hacking activity, but the joint report indicated that it could be coming from one or more government organizations – most likely including Russia (surprise, surprise…).
The actual mechanics of the hacking activity involve sending maliciously coded Microsoft Word document resumes to targeted employees – once opened, the malicious code enables the hackers to obtain login credentials for SCADA and other systems. The hackers also deploy other tactics, such as compromising legitimate websites the targeted employees tend to visit (AKA “watering hole attacks”) and utilizing URL redirects to steer users to selected malicious websites.
At this point, it appears as though the hackers are attempting to map out computer systems for future attacks. Unfortunately, what these future attacks could entail remains largely unknown.
Impact on Emergency Preparedness
Obviously, this activity is a huge threat from an emergency preparedness perspective because power plant hacking – whether nuclear or otherwise – could cause large and prolonged power outages. In fact, the U.S. has already proven this with the 2008 deployment of Stuxnet, which targeted Iran’s main nuclear facility and ultimately destroyed 20% of Iran’s centrifuges.
For this reason, if your company owns and/or operates any nukes, I would recommend incorporating nuclear cybersecurity situations into training materials, exercise and drill scenarios, and emergency plans, policies and procedures. You certainly cannot prevent nuclear power plant hacking, but you can at least prepare for it so that you can respond efficiently and effectively. Good luck!