In testimony this month before the congressional Subcommittee on Cybersecurity and Infrastructure Protection, Patricia Hoffman, Acting Assistant Secretary for the Department of Energy’s Office of Electricity Delivery and Energy Reliability, outlined some of the measures government agencies are taking to protect our energy infrastructure from “significant cyber incidents.” The programs she outlined — information sharing, research and development, physical preparedness, and multi-stakeholder coordination — are all vitally important. But there are additional novel approaches that can be taken to further bolster the cybersecurity of our power system, particularly at the 61 commercially operating nuclear power plants that account for almost 20 percent of the U.S. electricity supply.
America’s nuclear plants have already become targets of cyber-attack, as evidenced by the recent breach of the administrative computer system at the Wolf Creek nuclear plant in Kansas. According to reports, this intrusion was part of a much broader, sophisticated cyber-attack involving over a dozen U.S. electrical power facilities. Such an attack is alarming, as a failed safety system at a nuclear power facility could result in substantial releases of radioactive materials.
The good news is that U.S. federal agencies have taken the question of nuclear power cybersecurity seriously. By law, nuclear control systems are segregated, meaning attackers wishing to manipulate the systems that plants use to operate and produce power would need to infiltrate multiple levels of plant networks, including air-gapped interfaces that are disconnected from the Internet. A successful cyber-attack on a plant’s reactor protection system, which detects potential accident conditions and responds by shutting down the reactor and initiating reactor core cooling, would be yet more challenging, particularly as the vast majority of existing nuclear reactor protection systems still use analog or early digital technology that predates the Internet.
Source: The Hill