top of page

More Attention Should be Paid to Nuclear Power Plant Cybersecurity

Over the years, there has been a significant amount of research with cybersecurity in mind re: industry targets. These include, but have not been limited to government contractors, the government units (e.g. the FDIC), and auto manufacturers. During the year, there may be an increase in focus based on financial trends (e.g. consumer retail near the holidays). One industry not significantly researched as it relates to cybersecurity has been the nuclear power industry.

The Department of Homeland Security (DHS) and the FBI did however publish a joint report in July 2017 focused on warning nuclear power plants operators and cybersecurity. The report noted over 24 nuclear facilities were targeted with at least 12 of these breached.

Why targeted?

Previous attacks focused on the plants, naturally, but also the quality control engineers. Focusing on the plants is relatively obvious, The attacks previously noted also focused on the quality control engineers. These persons were likewise a focus due to them having access to the operational systems of the plants, and a mass amount of germane data and information on the nuclear power plant itself.

Attacker Specification

The attackers were not limited to a nation, but were from across the globe. There were however certain types or forms of attacks which appear to be from certain specific groups. One example of this was the Russian Energetic Bear group. The attacks were also not done by a single person. These attacks required a team and a significant amount of time and backing.


The attack methods vary for each use case and target. There is not a template for the attacks that is applied to all the targets uniformly. The attackers may use, as an example, phishing or spear phishing as the tool. This has been very useful across many industries, with malicious links and/or word documents. For this industry, the attackers may use watering hole attacks.


Canon, S. (2017, July 7). How hard is it to hack a nuclear plant? It takes alot more than one person for starters. Retrieved from

Condliffe, J. (2017, July 7). Hackers have been targeting U.S. nukes. Retrieved from

Cooper, D. (2017, July 7). Russian hackers target the US nuclear industry. Retrieved from (2017, July 7). Russian hackers have ‘tried to infiltrate computer systems of a nuclear power plant and at least 11 other energy facilities in the US since May’. Retrieved from

Finger, S. (2017, July 6). Hackers targeting wolf creek and other nuclear power plants. Retrieved from

Forrest, C. (2017, July 7). Massive cyberattack on US critical infrastructure will hit within 2 years, say 60% of security pros. Retrieved from

Murphy, M. (2017, July 6). Hackers targeting U.S. nuclear power plant operators: Reports. Retrieved from

Musil, S. (2017, July 6). Hackers targeting US nuclear power plants, report finds. Retrieved from

Nakashima, E. (2017, July 8). U.S. officials say russian government hackers have penetrated energy and nuclear company business networks. Retrieved from

Owusu, T. (2017, July 7). Hackers could be targeting your local nuclear facility: FBI. Retrieved from

Perlroth, N. (2017, July 6). Hackers are targeting nuclear facilities, homeland security dept and F.B.I. say. Retrieved from

Porter, T. (2017, July 7). Russia is the chief suspect in U.S. nuclear power plants hack. Retrieved from

Reuters. (2017, July 7). U.S. energy department helping power firms defend against cyber attacks. Retrieved from

Seipel, B. (2017, July 6). Hackers targeting US nuclear facilities: report. Retrieved from

Seth, S. (2017, July 6). Hackers breached at least a dozen US nuclear power sites-and officials are zeroing in on a familiar player. Retrieved from

SSI Staff. (2017, July 7). Hackers targeting nuclear facilities are suspected to be russian. Retrieved from

Statt, N. (2017, July 6). Hackers are targeting nuclear power plant operators in the US. Retrieved from

Stonesifer, J. (2017, July 7). Beaver valley nuclear plant not affected by cyber security incident. Retrieved from

The Emporia Gazette. (2017, July 8). Wolf creek targeted by cyber attack. Retrieved from

The World Staff. (2017, July 7). Hackers have been targeting nuclear power plants in the US and abroad. Retrieved from

About the Author - Charles Parker, II has been working in the info sec field for over a decade, performing pen tests, vulnerability assessments, consulting with small- to medium-sized businesses to mitigate and remediate their issues, and preparing IT and info sec policies and procedures. Mr. Parker’s background includes work in the banking, medical, automotive, and staffing industries.

Featured Posts
Check back soon
Once posts are published, you’ll see them here.
Recent Posts
Search By Tags
No tags yet.
Follow Us
  • Facebook Basic Square
  • Twitter Basic Square
  • Google+ Basic Square
bottom of page