Atomic Energy Director: Nuclear Power Plant Saw ‘Disruptive’ Cyber Attack

The head of the United Nations’ nuclear watchdog revealed that a nuclear power plant was the target of a disruptive cyberattack two to three years ago.

“We never know if we know anything…” said the director of the International Atomic Energy Agency, the world’s foremost nuclear watchdog, when it comes to cyberattacks targeting nuclear power plants.

Lower the alarm bell, though. The attack was described by International Atomic Energy Agency (IAEA) director Yukiya Amano as disruptive, insisting that it wasn’t “destructive.” That said, he also revealed that an individual tried to smuggle a small amount of highly enriched uranium four years ago. A small amount enough to build a “dirty bomb.”

Amano was speaking to Reuters during a visit to Germany, when he confirmed that the revelation of the unnamed nuclear plant that was ‘disrupted’ was never spoken about in public before.

When it comes to cybersecurity and the threats against nuclear power plants’ cyber defenses, Amano had some sobering and alarming insights to share.

“This is not an imaginary risk,” he stated, before adding:

This issue of cyberattacks on nuclear-related facilities or activities should be taken very seriously. We never know if we know everything or if it’s the tip of the iceberg.

“This actually happened and it caused problems,” he further confirmed, underlining the incident of the disruptive cyberattack.

Somewhat reassuringly, the attacks were not potent enough to shut down the plant, although management has since taken “precautionary measures” according to the director.

For obvious reasons, Amano’s concerns about the state of cybersecurity in nuclear power plants are being addressed.

The IAEA has trained over 10,000 people in nuclear security since 2010. Police and border guards have received specialized training to safeguard nuclear plants’ security. Furthermore, the watchdog has also given countries over 3,000 portable devices for detecting nuclear and other radioactive material.

The bottom line? Security experts do not see a scenario wherein militant groups have acquired the capability to blow up nuclear reactors to inflict widespread, long-lasting destruction. However, the nuclear industry has vulnerabilities that could be exploited.

For instance, the Korea Hydro and Nuclear Power Co Ltd, the company that runs South Korea’s 23 nuclear power reactors saw its computer systems hacked during the end of 2014.

A report from October 2015 stated that nuclear power plants around the world have an “element of denial” when it comes to cyberattacks.

 Featured image from iStock.

Samburaj is the contributing editor at Hacked and keeps tabs on science, technology and cyber security.