SUSHOVAN SIRCAR

Was the Kudankulam Nuclear Power Plant Hit by a Malware Attack?

Was the Kudankulam Nuclear Power Plant the subject of a cyber attack earlier this year?

“A domain controller, which authenticates and authorises resources in a centralised manner, generally sits on the administrative IT network. The Operational Technology network is generally air-gapped, as it’s most critical. I was merely pointing out that the administrative IT network seems to be compromised. It doesn’t necessarily imply the reactor’s control systems were impacted.”

How Did This Incident Come to Light?

“This is a very sensitive issue, one where critical infrastructure is involved. If someone has reported a malware attack to the Cyber Security Coordinator, then I am sure that they have most certainly taken this up with the Nuclear Power Corporation of India as well as the Atomic Energy Commission and the Department of Atomic Energy. The Ministry of Home Affairs will have to be notified. They would have acted upon it when it was reported.”

Power Plant Issues Denial

It remains to be seen if any further clarifications are issued by the government on this incident, but this is likely to remain classified.

Problem With The Official Denial

At a time when cyber sphere has emerged as new domain of warfare among nations, how can an attack of this nature, that too, on a nation’s critical infrastructure be viewed?

“The blanket denial in not addressing these aspects, hence, is disappointing as it shows that the authorities’ visceral response to a cyber incident is always denial. Given that it is not possible to survive cyber attacks by closing our eyes, this incident shows how unprepared the authorities are, just not on responding to these incidents but even on the messaging.”

Stuxnet & The Iran Nuclear Attack

There is, however, a famous precedent from 2010 where the standalone or air-gapped Natanz uranium enrichment facility in Iran was attacked by the Stuxnet virus.

Stuxnet stands out and woke the world up to cyber attacks because it successfully managed to escape the digital realm and caused actual physical destruction on critical infrastructure of a nation – the uranium enrichment centrifuges.

Questions That Remain Unanswered