No, your neighborhood nuclear plant isn’t plugged into the internet.
A story from The New York Times posted Thursday reported that hackers penetrated computer networks of companies that run nuclear power stations, including the Wolf Creek Nuclear Operating Corp. that operates a plant near Burlington, Kan.
That company and the nuclear power industry say the plant’s operation hasn’t been jeopardized, that the separate computer systems controlling the nuclear facility haven’t been breached and couldn’t plausibly get hacked.
Experts say anything made by humans could be vulnerable to human troublemaking, but remotely keyboarding your way to the controls of a nuke plant is the stuff of Hollywood.
Only an effort backed by the resources of a nation state, they say, could bust through a nuclear plant’s defenses.
Even then, saboteurs would need ultra-high computer skills, devoted months or years toward a single plot. Next, they’d have to form a highly detailed understanding both of a particular plant’s computer system and the electromechanical devices that network is custom-made to control. Finally, the plot would need physical access inside a plant.
Triggering a plant meltdown would be incredibly hard, experts said, but not impossible.
“Hopefully, this is a wake-up call,” said Edwin Lyman, a senior scientist in the global security program of the Union of Concerned Scientists. The organization has often been critical of the nuclear industry and government regulators over safety issues. “You need to avoid the danger of complacency.”
Wolf Creek spokeswoman Jenny Hageman said that “there has been absolutely no operational impact” from the hacking efforts.
“The two networks are completely separate,” she said.
The 1,200-megawatt Wolf Creek plant is jointly owned by Kansas City Power & Light Co., Westar Energy and Kansas Electric Power Cooperative. It’s been running since 1985 and is licensed through 2045. It pumps out enough electricity to power about 800,000 homes.
Rules enforced by the Nuclear Regulatory Commission require “air gaps” — meaning the controls of a plant don’t connect by hard wire or antenna to outside systems or the internet. Nuclear plants also must have “data diodes” in place that mean information only flows out from the system, but won’t allow incoming data that could foul operations.
Yet, Iran had similar safeguards in place at its Natanz facility for creating enriched uranium, and someone still crossed the barriers.
That’s a chief reason why Iran doesn’t yet have an atom bomb.
In 2010, a computer virus dubbed “stuxnet” was planted in the computers that controlled centrifuges used to produce highly enriched uranium.
By throwing off the timing of the cascade of spinning devices, the cyberworm ruined the system and its ability to separate the isotopes in a gas critical to building a nuclear bomb or power generator.
Analysts believe the virus likely sneaked into the Natanz facility aboard a thumb drive or some other physical device, rather than by way of an internet infection. It needed the help of somebody who could get through the doors, probably an Iranian sympathetic to the West.
The malware also had to be highly sophisticated. It’s not the sort of code that can lock up your Windows-based computer for ransom. Rather, it needed to be written for the unique operation set up by the Iranians.
That level of know-how, the speculation goes, required the deep pockets and spy-driven intelligence available only to a sovereign country. In the case of stuxnet, the most common suspects are the United States and Israel, perhaps the two in collaboration. Whoever did it set back Tehran’s nuclear ambitions by years.
The Times’ story cited security consultants and a report issued jointly by the Department of Homeland Security and the FBI warning of cyberattacks on Wolf Creek and other U.S. nuclear plants.
It was unclear whether the attacks aimed to create catastrophe at the plants or came looking to steal industrial secrets. The report said there was no indication that the strikes had made the difficult leap from the internet to the closed computer systems in the plants.
The Natanz example shows both the possibility for sabotage and the daunting level of difficulty.
“It’s probably not impossible, but you need an effort on the scale of stuxnet” — the only publicly known case of nuclear hacking — “to pull something off,” said Ted Postol, a professor emeritus at the Massachusetts Institute of Technology who specialized in science, technology and national security policy.
At Wolf Creek’s pressurized water reactor, cooled by drawing from Coffey County Lake some 90 miles southwest of Kansas City, the plant could be thrown into a nuclear meltdown if, for instance, a valve were stuck open on the reactor vessel.
That could release water keeping fuel rods from overheating, throwing the mechanisms in the plant into chaos and spewing radiation that could transform a spot in the Kansas plains into a wasteland.
Systems are in place at nuclear plants that would protect against that scenario, automatically set to shut down the reactor and flood the chamber. (At the Three Mile Island plant near Middleton, Pa., in 1979, plant operators erred by overriding that safety system.)
Postol, a nuclear engineer, sees human error as a greater threat to U.S. nuclear plants than hackers. Saboteurs would need an insider and tons of detail on a plant’s operation to succeed in an attack, he said.
“It can be hard to imagine,” he said, “but the world is full of surprises.”
The industry contends the air gaps between business networks and plant operating systems go a long way. They also say Iran’s experience with stuxnet inspired tighter rules on mobile data devices — thumb drives, CDs, tape drives — inside the plants.
“Any kind of portable media is tightly controlled,” said Bill Gross, the director of incident preparedness for the Nuclear Energy Institute industry group. “And there are hardware barriers. … There’s just no communication pathway from one system to the other.”
Lyman of the Union of Concerned Scientists said that a successful hit on Wolf Creek’s business computers could matter. If such a move stole private information about an employee — a sexual affair, say, or embezzlement — they could be blackmailed into helping an attack. Or the mere distraction of a cyberattack could shift defenses at a plant that make way for a physical attack.
At the same time, he said the age of a plant like Wolf Creek actually makes it a harder target for hackers. The systems are analog, not digital, and would be tougher to undermine.
Still, he said the nuclear industry has been pressing the NRC in recent years to ease security rules over operations that don’t relate directly to plant operations.
“This might be a lesson in why those rules should stay,” Lyman said. “With a cyberattack, you never really understand the level of threat or where it might come from.”