Cybersecurity and Nuclear Power Plants
Over the years, a significant amount of cybersecurity research has focused on specific industry targets. These include, but are not limited to, government contractors, government units (e.g. the FDIC), and auto manufacturers. During the year, the focus may increase based on financial trends (e.g. consumer retail near the holidays). One industry that has not been significantly researched as it relates to cybersecurity is the nuclear power industry.
The Department of Homeland Security (DHS) and the FBI did, however, publish a joint report in July 2017 focused on warning nuclear power plant operators about cybersecurity. The report noted that over 24 nuclear facilities were targeted, with at least 12 of these breached.
Previous attacks focused on the plants, naturally, but also on the quality control engineers. Focusing on the plants is relatively obvious. The quality control engineers were likewise a focus because they have access to the operational systems of the plants and to a large amount of germane data and information on the nuclear power plant itself.
The attackers were not limited to one nation, but were from across the globe. There were, however, certain types or forms of attacks that appear to come from specific groups. One example of this was the Russian Energetic Bear group. The attacks were also not carried out by a single person; they required a team and a significant amount of time and backing.
The attack methods vary for each use case and target. There is no template that is applied uniformly to all targets. The attackers may use, for example, phishing or spear phishing. This has been very useful across many industries, with malicious links and/or Word documents. For this industry, the attackers may use watering hole attacks.
About the Author - Charles Parker, II has been working in the info sec field for over a decade, performing pen tests, vulnerability assessments, consulting with small- to medium-sized businesses to mitigate and remediate their issues, and preparing IT and info sec policies and procedures. Mr. Parker’s background includes work in the banking, medical, automotive, and staffing industries.