Author: AMANDA OGLESBY / Source: sacbee
Computer hackers, not content with mucking around with U.S. commerce and elections, have trained their sights on nuclear power plants, prompting questions about cyber security at Oyster Creek.
Industry officials and federal regulators say there’s nothing to fear, but experts say there is cause for concern, including from the harm that could be caused by cyberattacks on the electrical grid upon which power plants depend.
In recent weeks, hackers tried to — and in at least one case succeeded — in penetrating the firewalls and digital protections of administration information at these nuclear facilities, according to government reports cited recently in the New York Times and Bloomberg News.
“The nuclear industry didn’t really believe that they were a target,” said Edwin Lyman, senior scientist of the Global Security Program of the Union of Concerned Scientists in Washington, D.C.
Industry executives learned otherwise when hackers worked their way into computers at Wolf Creek nuclear power plant near Burlington, Kansas, according to the Times. The Asbury Park Press (http://on.app.com/2tN72ym ) asked nuclear experts if hackers could also penetrate Oyster Creek.
“A plant like Oyster Creek, it’s old. Its systems that are used to control plant functions are mostly analog based, and that’s true for most of the plants in the United States. So the scenario of some malevolent terrorist pushing a button and causing a plant to melt down, that’s far-fetched,” Lyman said.
But there are reasons hackers might want to penetrate other plant systems.
“The fact is, a successful radiological sabotage attack on a nuclear plant, or on the spent fuel pool (where radioactive waste is cooled) at the plant, could cause a devastating catastrophe,” he added. “It could essentially contaminate hundreds of square miles with long-lived radioactive material. It could require the forced resettlement of millions of people. It could cost trillions of dollars in damages, and for a plant like Oyster Creek or others in the New York City area, a densely populated area, they are even more desirable targets for a terrorist who wants to cause that kind of mass disruption event.”
Plants separate critical systems from the internet or plant business networks by physical distance or hardware, Nuclear Regulatory Commission spokesman Neil Sheehan said in an email.
The Nuclear Regulatory Commission also regulates how employees use removable media, perform vulnerability assessments and train other employees on recognizing “insider threat(s),” he added.
The systems targeted in the recent attacks are not under the Nuclear Regulatory Commission’s regulations and oversight, Sheehan said in the email.
Hackers used faked resumes crafted in Microsoft Word that were riddled with malicious computer code to try and squeeze through the network protections, according to the Times. They also inserted malicious code into…
Click here to read more