Russia infiltrated Kansas nuclear plant's business network, FBI and DHS say

Wolf Creek Nuclear power plant in Burlington, Kan.
Wolf Creek Nuclear power plant in Burlington, Kan. Associated Press

Russia was behind a cyber intrusion of the business network tied to a nuclear power plant in Kansas, according to allegations against the country made Thursday by the Department of Homeland Security and the Federal Bureau of Investigation.

The Wolf Creek Nuclear Operating Corp. in Burlington, Kan., was one target of numerous cyberattacks against electric, water and power plants in the U.S.

The New York Times reported that cybersecurity experts saw the attacks as a signal that Russia is positioning itself to disrupt the United States' critical facilities "in the event of a conflict." It even reported Russian agents had the capability to shut down or sabotage some U.S. power plants.

"The fact is, we don't know how far (Russia) could have gone or what their actual objectives are," said Edwin Lyman, a senior scientist in the global security program for the Union of Concerned Scientists. "But we can be sure they have enough information from the initial intrusions that they could go further if our defenses don't keep up with their advances and their attack strategy."

Despite the reported intrusion of Wolf Creek's business network — a breach first made public last summer — the nuclear power plant's critical operational infrastructure was never at risk, according to Jenny Hageman, a Wolf Creek spokeswoman.

"The safety and control systems for the reactor and other vital plant components (are) not connected to business networks or the internet," Hageman said.

That's because the Wolf Creek plant was constructed before most systems went digital, in 1977. It still runs on an analog system and operates as an "island" that cannot be remotely hacked, Hageman said.

The 1,200-megawatt Wolf Creek plant is jointly owned by Kansas City Power & Light Co., Westar Energy and Kansas Electric Power Cooperative. It's been running since 1985 and is licensed through 2045. It pumps out enough electricity to power about 800,000 homes.

John Keeley, a spokesman for the Nuclear Energy Institute, which serves as a trade association for all 99 commercial nuclear power plants in the U.S., reiterated the point that power plants operate on isolated networks not connected to the internet.

"The islands of operation is true for all of them," Keeley said. "We remain vigilant, and we remain in close contact with our federal security partners in Washington to assess emerging threats, but I would tell all Kansans they should not only feel safe about Wolf Creek or any other plant, but they should feel proud of the defenses in place there."

Lyman, with the Union of Concerned Scientists, called on nuclear power plants and the Nuclear Regulatory Commission to put heightened focus on security.

"Cybersecurity, like any other security, is expensive to maintain. The threat is constantly evolving," he said, adding that the nuclear industry is "struggling" to compete with other sources of power, such as natural gas plants.

"So the industry is looking to cut costs everywhere, and security is something to cut," Lyman said.

When asked if he saw the infiltration of infrastructure systems and the election meddling tied to Russia as a signal of a reemerging Cold War, Lyman said, "Cold War implies no violence, it’s simmering tension. An actual cyberattack causing damage to infrastructure and a serious threat to the public? That would be a hot war."

While Lyman saw the attack by a nation state as cause for concern, Keeley was encouraged that the nuclear industry "has such robust protections in place that it can withstand such a widespread attack."