The word nuclear refers to atomic power, but it can also mean uncontrolled rage, and there would be some nuclear freak-outs going on if a nuclear power plant got hacked. To make matters worse, power grids, smart homes, and government websites have all been hacked. It does not seem like much of a leap to assume that a nuclear power plant hack is on the horizon. Fortunately, some cyber security measures are in place that may make nuclear resources more secure than you might think.
Kickin’ it Old School
If you are old enough to remember Y2K threats, the 1990’s were set to end in disaster: trains would stop running, planes would fall from the sky, and nuclear power plants were going to simultaneously explode as the clocks rolled over from December 31st, 1999 to January 1st…1900. That’s right, most computer programs had not been equipped to deal with four digit years and the thought was that the leap from 1999 back to 1900 was going to cause Atlas to drop the earth right off of his shoulders.
Fortunately, massive amounts of programming went into place to make every known digital input allow for four digit years. Well, that is about the same time that nuclear power plants got smart about hacking. Most people did not even have a cell phone, no one had heard of a “smart phone” and the world was, well…more analog.
Analog, disconnected from the internet, and a great deal more free from cyber crime.
Beyond just ancient equipment that did not even know what “internet ready” meant, newer nuclear power plants have followed some serious cyber security measures as well.
- They still keep operating systems offline or at least isolated. That means if someone does “hack a power plant” the best they could do would be employee records.
- Data diodes are used, allowing information to be sent out, but nothing can come back in.
- No thumb drives, no outside laptops (except maybe after some serious scrubbing).
- A national regulatory agency that actually meets regularly and exceeds industry security guidelines.
- No new plants without that same governing agency approving cyber security plans.
- A task force, the Nuclear Energy Institute’s cyber security task force, in operation since 2002, monitoring possible cyber threats and upgrading protective approaches as needed.
If all of that security, just for the digital aspects of the plant, sounds like overkill…well, that is because a cyber threat against a nuclear power plant would be a very, very big deal.
Nuclear power plants have physical safety measures in place as well, that would make on-the-ground access near to impossible. It is comforting to know that their cyber security protective mechanisms are in equal force.
Protecting the Precious
Other government operations, including power operations, are far from as secure as nuclear power plants. After the hack of a Ukrainian power grid, a Vermont Utility thought they were hacked. They weren’t, but it shed a light on the very real cyber security threats facing operations within the country.
Just like the two major viruses, WannaCry and Petya, that have impacted several countries and affected such resources as hospitals, these attacks remind us that cyber security needs to be woven into the fiber of every industry, particularly utilities and community necessities like hospitals. The nuclear power industry has taken it upon themselves, from within, to formulate and regulate effective cyber security measures. Will other utility companies or other industries follow their lead? Otherwise, we could have some nuclear freak-outs happening state-side as more cyber threat actors and copycats emerge on the global playing field.