UN Nuke Boss: Plant Hit by Cyber Attack

Written by

A nuclear power plant was disrupted by a cyber-attack two to three years ago, according to the head of the UN’s atomic energy watchdog.

Yukiya Amano, director general of the International Atomic Energy Agency (IAEA), told Reuters that the attack at the unnamed facility didn’t force a shutdown but caused “some problems” and ensured it "needed to take some precautionary measures."

Some networks were rendered inoperable by the attack, he added.

Amano also revealed that someone tried to smuggle a small amount of highly enriched uranium from a facility several years ago. It’s claimed this could have been used to build a dirty bomb.

"This issue of cyber-attacks on nuclear-related facilities or activities should be taken very seriously,” he’s quoted as saying. “We never know if we know everything or if it's the tip of the iceberg."

The IAEA appears to be increasingly focusing its efforts on the threat to nuclear plants from cyberspace and overall security issues.

It’s said to be offering help to over 100 countries worldwide on how to minimize risk, through staff training, radiation detection devices and information sharing.

Although there’s not yet been a major attack on nuclear facilities from cyberspace, the signs all point to various state actors turning their attention to this area.

Last year, reports suggested the US had tried and failed to use the infamous Stuxnet worm to disrupt North Korea’s nuclear facilities.

Also in January last year, South Korea revealed that a “low risk” worm had infected computer systems at a nuclear plant in the country.

Closer to home, a Chatham House report last October revealed serious cyber deficiencies which are exposing the UK’s nuclear industry to attack, including supply chain issues, lack of staff training and not enough ‘air gapping’ of key systems.

US nuclear watchdog the Nuclear Regulatory Commission has been hit by at least three major cyber-attacks over recent years, according to recent reports.

What’s hot on Infosecurity Magazine?