
IAEA Director: German Nuclear Plant Experienced Cyber Attack

Stuxnet is old news, apparently. As reported by SANS, a year ago a nuclear power plant, probably in Germany, was attacked by malware.

The director of the United Nations’ (UN’s) International Atomic Energy Agency (IAEA) said that an unnamed nuclear power plant suffered a cyberattack within the last three years. Yukiya Amano said that the targeted plant was not forced to shut down operations, and that “This issue of cyber attacks on nuclear-related facilities or activities should be taken very seriously.” Amano said that IAEA is helping nuclear facilities around the world improve cyber and physical security.
 
The director of IAEA is most likely referring to the incident involving a Korea Hydro & Nuclear Power (KHNP) plant, but recent discoveries in Germany of aged malware infections on plant process control equipment are also troubling. The nuclear industry has been well positioned to defend against Internet-borne, non-targeted threats because they adopted secure network architectures early, but they are now struggling to address human-enabled (e.g. infected USBs) and highly targeted cyber threats. The next step for the industry will be to transform its cyberdefense strategies from prevention-focused to a more active defense. Active defense is based on the assumption that intrusions will occur, and effective defense focuses on rapid detection of failures along with rapid collapse of free time available to attackers.

http://www.scmagazine.com/iaea-director-cyberattack-against-a-nuclear-power-plant-occurred-years-ago/article/548192/

http://in.reuters.com/article/nuclear-cyber-idINKCN12A1P1

Nuclear Power Plant Disrupted by Cyber Attack

IAEA Cautions on Cybersecurity Risks to Nuclear Power Plants

I wonder what malware was used, was it firmware-centric? Is ‘critical infrastructure’ really secured any better than COTS consumer devices? Do they use Intel x64 systems with UEFI-based blogs that can be tested with CHIPSEC?
