Power Sector facing 30 cyber attacks a day

How much critical information did North Korea’s Lazarus group manage to access in their cyber attack on the Kudankulam Nuclear Power Plant (KKNPP) in early September 2019?

The KKNPP, run by the Nuclear Power Corporation of India Limited (NPCIL) boasts two of the most advanced nuclear reactors in operation. Designed by the Russians, these VVER pressurised water reactors have a capacity of 1,000 megawatts each with both units feeding into the southern power grid. Four more reactors are under construction in Kudankulam, each with a 1000 megawatts capacity.

The hostile cyber-attack gains significance given the increasing state of hostilities in the subcontinent with analysts speculating that the Lazarus group could well have passed on information of a critical nature to countries whose interests are inimical to those of India.

The detection of malware software detected at Kudankulam must also be seen against the backdrop of India’s power sector facing continuous cyberattacks. The power sector is reporting 30 such attacks on a daily basis and so the significance of this attack cannot be underestimated.

Experts warn that the power infrastructure could be the next target of terrorists, given that today India has one integrated national power grid and attacking power installations is an effective way to cripple the economy.

Cyber expert Prof. Huzur Saran, heading the Department of Computer Science and Engineering at IIT, Delhi, admits that the extent of the breach that occurred at KKNPP will never be known because no institution will go public with such information.

But such attacks are on the rise.

China is known to have created a cyber offensive force with a strength of over 10,000 people. This information was reported some time ago and they could well have expanded their strength. These are trained professional who are dedicated to this task. Pakistan could well have over 500 to 1000 experts trained in cyber-attacks,” said Prof Saran.

All defensive operations require a great deal of co-operation. To cite an example, Prof Saran cites, how governmental agencies need to develop a great deal of co-operation between all the electricity grid operators in order to withstand cyber-attacks.

Experts are not willing to hazard a guess on the strength of the cyber force developed by North Korea but analysts warn that the majority of their state sponsored operations take place from outside their country. Some experts warn that one-fifth of their operations are being launched from India itself, since India is known to have a sizeable number of North Korean students studying in Indian universities.

Nuclear experts also question NPCIL officials’ response to this malware attack. Initially, NPCIL denied that such a breach had occurred in the first place. Then they went on to insist that although the attack had occurred, it had infiltrated only the administrative section and not the crucial operational sector.

Minister of state for Atomic Energy and Space Jitendra Singh informed the Lok Sabha last week that the attack was confined to the ‘administrative office’ of the plant. “It happened in the administrative internal circuit block of the KKNPP,” he said going on to insist that there was a reliable mechanism of cyber security in place to protect the critical internal networks of nuclear plants.

What Singh was referring to was the air gap system by which the key computer controls that run the plant are protected from the administrative section.

Singh is however being optimistic, say the experts. Prof Saran points out that there can be no fool proof system in place. `Regular communication has to be maintained between the core network and the administrative section. You always need to exchange data. Suppose some bug comes in when data transfer is taking place then information does get passed on,’ said Prof Saran.

Air gapped systems are effective against unsophisticated attacks but definitely not against targeted attacks.

Leading nuclear physicist, Prof Rajaraman, emeritus professor of theoretical physics at JNU and member of the International Panel on Fissile Materials also believes that, `Each country has to safeguard against cyberattacks. It is for this reason that the Chinese are developing their own software. Of course, for the present we have to go by what NPCIL is telling us, that the attack affected parts of the administrative systems which are separated from the reactor,’ said Dr Rajaraman.

Prof Saran cites the example of the Stuxnet (a malicious computer worm) attack known to have entered Iran’s Natanz uranium enrichment facility despite it being air gapped. This attack is reported to have been orchestrated by the US and Israel.

News of the KKNPP hacking was broken by VirusTotal, which is a virus scanning website owned by Google’s parent company Alphabet. The company believes that a large amount of data was stolen in this heist.

Cyberattacks are known to take place against nuclear installations. There are 20 such recorded incidents having occurred amongst other countries in France and the US. Experts believe that increasing digitilisation could see an increase in such attacks.

This is not the first time that North Korean cyber attackers have targeted Indian institutions. ISRO’s National Remote Centre and the National Metallurgical Laboratory are known to have faced such attacks in the past.

India’s security managers need to develop much stronger safeguards to protect their strategic installations especially in the power sector.

These include nuclear power reactors given that nuclear plants are presently producing 9000 MW of power.

Nine more reactors are on the pipeline. These are being built at enormous financial costs. Allowing these power plants to get compromised will adversely affect our security and economic shield.