News Extra: Nuclear plants in Ukraine and USA hit by cyberattacks
01 August 2017
Monitoring systems at the Chernobyl nuclear power plant in Ukraine were taken down by the worldwide cyber attack in late June dubbed ‘Petya’. Systems usually used to monitor the area around the power station for radioactivity following the nuclear meltdown there in 1986 were not working, the Ukrainian authorities said, and the area was monitored manually until automated systems were restored a few days later.
Chernobyl - Image: Shutterstock
The attack also took down the power plant's website, which usually hosts information about the incident and the area, but systems within the plant continued to operate normally, authorities said.
Security firm Kaspersky Lab said on June 27 that the attack has hit around 2,000 computers in around a dozen countries. The most affected organisations were located in Russia and the Ukraine, with systems in the UK, Germany, France, Italy, the US and Poland also hit.
Authorities suggested that the problems were a result of that monitoring system running on Windows. That operating system is also thought to be the software hit by the attack, which could be a variant of the ‘Wannacry’ ransomware that took down computers across the world in May.
‘Wannacry’ has been traced to North Korea, but as yet no one has found the origins of ‘Petya’.
Meanwhile, energy industry news site E&E News reported that US investigators were looking into cyber intrusions this year at several nuclear power plants across the country.
This was corroborated by ABC News, which reported ‘sources familiar with the matter’ saying that unidentified hackers recently breached at least one US nuclear power plant and the situation was being investigated by the FBI and Department of Homeland Security.
The name and location of the plant have not been released. The attack was contained to the business-associated side of the plant, and evidence indicated that critical infrastructure was not affected, ABC News said.
But cybersecurity experts quoted by the US media giant said that now that the network has been infiltrated, the nuclear systems had become "much more vulnerable."
The Naked Security website run by cybersecurity consultants Sophos said:
“Reportedly, the US nuclear breach wasn’t considered serious enough to warrant the filing of a full report with the International Atomic Energy Agency (IAEA) but it did, disconcertingly, end up being given its own ominous code name, ‘Nuclear 17’.
“At the moment, little is known about the dimensions of this incident but code names for cyberattacks are never a good sign in the security sector, let alone nuclear power.
“The energy sector is still digesting the significance of two attacks on Ukrainian power systems a year apart from one another in 2015 and 2016. In an earlier story covering the later incident, Naked Security noted that it’s as if Ukraine had become a laboratory for probing energy systems for weakness.
“Chernobyl being caught up with Petya was probably coincidental but nevertheless symbolic. That catastrophe was an accident, but the thought that someone might come back to deliberately sow mayhem in a nuclear or energy system is one the world might yet have to come to terms with.
“As with Petya, and WannaCry, the private worry about Nuclear 17 is that the unfolding EternalBlue leak of alleged NSA spying tools and vulnerabilities might be feeding attacks that are starting to manifest in all sorts of sectors.”