North Korea has both a track record of cyber attacks and nuclear expertise. Just thinking: what if they decided to hack a nuclear power plant? How could we prevent this? In this article you will find out.
Why attack a Nuclear Power Plant?
There are 453 civilian nuclear power plants in the world. The technology behind them originally came from the atomic bomb. From the first nuclear power plant, built in 1956 in Obninsk, Russia, all major nations around the world understood how critical such plants are.
The most famous accident is Chernobyl in 1986. It destroyed an entire city and had repercussions on millions of people living at that time, and on the children of people living in Europe. The impact was huge and wide, covering all of Europe and affecting every country there.
So when nations built this particular kind of power plant, they also started to protect them against hostile nations and activists. There are physical protections to limit penetration inside the buildings, obviously. There are trained guards monitoring these facilities 24/7. There are military-grade commandos trained and ready to react in these environments. And to prevent missiles from reaching these buildings, there are also anti-missile systems like Patriot.
So next time you see a nuclear power plant, think of all the physical and military protection deployed to protect such infrastructure.
Cybersecurity attacks on Nuclear
In such a context, you can quickly understand why it also matters to protect nuclear power plants in the IT world. In fact there are some key facts about cyber security attacks on such infrastructures.
The main one, and probably the most famous, is Stuxnet. It did not directly attack a nuclear power plant but attacked centrifuges. This equipment is used to convert uranium from its natural state into enriched uranium that can be used in a nuclear power plant. Stuxnet targeted Siemens controllers. The cyber security community still believes that attack was made by the US and Israel.
The direct consequence of that attack is that nations understood that if the US and Israel could reach non-connected nuclear facilities, other advanced cybersecurity nations could reach nuclear facilities too. From that time, energy providers started to bring cybersecurity protection to their nuclear facilities. They did risk analyses to understand in depth what the main cybersecurity risks are.
The IT inside a Nuclear Power Plant
In fact, a nuclear power plant has a specific IT system to run the plant: the SCADA. In the IT world we mainly work with the OSI model, and in order to protect this IT we try to have full protection, or at least monitoring, of all the layers.
In the industrial world, automation started long before IP arrived. In fact many systems are analog, and obviously in nuclear facilities, which are often very old (more than 20 years), you will find a mix of analog and digital sensors, controllers and supervision systems.
Using a SOC to detect
For many years, nuclear facilities have been using the concept of defense in depth, using firewalls and other technologies to limit entry into the facility. But the fact is that an attack on a nuclear power plant will involve high-level computer network attack skills and people who will create new kinds of attack. So before stopping attacks, we need at least to detect any kind of attack as soon as possible. And in cybersecurity, that implies deploying a SOC.
A SOC consists of the people, processes and technologies that provide situational awareness through the detection, containment and remediation of IT threats. A SOC will handle, on behalf of an institution or company, any threatening IT incident, and will ensure that it is properly identified, analyzed, communicated, investigated and reported. The SOC also monitors applications to identify a possible cyber-attack or intrusion (event), determines whether it is a genuine malicious threat (incident), and whether it could affect the business.
So in our case, our SOC will monitor any suspicious activity on the SCADA deployed to run the power plant.
Connecting the SOC
Connecting a SOC to nuclear facilities is really hard for two main reasons.
- The first one is that, like any IT system, it can fail. When an IT system fails, it is not uncommon for it to impact other IT systems. But when we are talking about nuclear power plants, we just can't imagine our SOC impacting the nuclear facility. The risk would be to reduce availability and limit the production of electricity, and in the worst case stop the facility. This could leave hundreds of thousands of people and businesses in the dark.
- The second one is the case of an attack on the SOC. For cyber-criminals, the first thing done is often to neutralize the defenses of an organization. The worst scenario in our case would be an attack on the SOC, compromising its main part, the SIEM, through its update tools. From inside, a pivot would then be made towards the SCADA.
So connecting the SOC can't be done in the normal way. IT must use exotic technology to limit the impact of the SOC on the production of energy. There are a few such technologies, designed first for military use cases. One that is official is the use of diodes, the ones you studied at school, modified and used in a networking environment. We call them data diodes.
You can find more information on data diodes here: https://www.owlcyberdefense.com/about-data-diodes/
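What a one-way link changes for the SOC side is that nothing can ever be sent back: no ACK, no retransmission request, no SIEM agent reaching into the plant. The following is an added illustration (not code from the original post, nor from any data diode vendor) of how a receiver behind a diode has to cope with that: frames carry a sequence number and an HMAC, the plant side may repeat frames, and the SOC side itself records gaps and corrupted frames as alerts. The key, frame format and the "plc1 mode" payloads are constructed for the example.

```python
import hashlib
import hmac
import struct

# Constructed shared key for this example; a real deployment provisions it out of band.
KEY = b"example-diode-key"
SEQ_LEN = 8      # big-endian 64-bit sequence number
MAC_LEN = 32     # HMAC-SHA256 tag

def encode_frame(seq: int, payload: bytes, key: bytes = KEY) -> bytes:
    """Plant side (upstream of the diode): seq || payload || HMAC-SHA256."""
    body = struct.pack(">Q", seq) + payload
    return body + hmac.new(key, body, hashlib.sha256).digest()

class DiodeReceiver:
    """SOC side (downstream). It can only read: no ACK, no retransmit request."""
    def __init__(self, key: bytes = KEY):
        self.key = key
        self.expected = 0    # next sequence number we expect to see
        self.events = []     # accepted payloads, in order
        self.alerts = []     # things a SOC analyst should look at

    def ingest(self, frame: bytes) -> bool:
        if len(frame) < SEQ_LEN + MAC_LEN:
            self.alerts.append("truncated frame")
            return False
        body, tag = frame[:-MAC_LEN], frame[-MAC_LEN:]
        if not hmac.compare_digest(tag, hmac.new(self.key, body, hashlib.sha256).digest()):
            self.alerts.append("bad MAC")    # corrupted on the link, or not from our sender
            return False
        seq = struct.unpack(">Q", body[:SEQ_LEN])[0]
        if seq < self.expected:
            return False    # duplicate: senders repeat frames because nothing can ask for a resend
        if seq > self.expected:
            # Loss is invisible to the sender, so the receiver must record it itself.
            self.alerts.append(f"gap: lost {seq - self.expected} frame(s) before {seq}")
        self.events.append(body[SEQ_LEN:])
        self.expected = seq + 1
        return True

def demo() -> DiodeReceiver:
    """Constructed link behaviour: frame 2 lost, frame 3 delivered twice, last frame corrupted."""
    frames = [encode_frame(i, f"plc1 mode={'RUN' if i < 3 else 'STOP'}".encode()) for i in range(5)]
    bad = frames[4][:-1] + bytes([frames[4][-1] ^ 0x01])   # flip one bit of the MAC
    rx = DiodeReceiver()
    for f in [frames[0], frames[1], frames[3], frames[3], frames[4], bad]:
        rx.ingest(f)
    return rx
```

Running `demo()` yields four accepted events and two alerts (one gap, one bad MAC); the duplicate of frame 3 is silently dropped, which is why senders behind a diode can afford to repeat every frame.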
The trend in cybersecurity is to give SOCs the capacity to detect and, nowadays, to react. But given the isolation of the SOC, it will be really hard to do so. As a cybersecurity expert, but also as someone trained in electronics, I do believe the next step is to be able to detect and react directly at the controller level. And this is hard, because most providers do not give information about what is inside, making electronic components black boxes. So we will have to find solutions to monitor the states of the controllers and check whether they are normal.
A practical way could involve AI. In fact, using machine learning is a great way to see whether states are normal and then to be able to isolate controllers or sensors directly within seconds.
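To make "monitor the states of the controllers and check whether they are normal" concrete, here is an added example (not from the original post, and not a product) of the simplest form of such a model: a per-signal baseline learned from readings captured during known-good operation, with numeric signals checked against a z-score envelope and discrete signals against the set of states ever seen. The pump controller signals (rpm, temp_c, mode) and all readings are constructed.

```python
from statistics import mean, pstdev

class ControllerStateMonitor:
    """Per-signal baseline learned from readings taken during known-good operation.
    Numeric signals get a z-score envelope; discrete signals get the set of states seen."""
    def __init__(self, z_threshold: float = 3.0):
        self.z_threshold = z_threshold
        self.baseline = {}   # numeric signal -> (mean, stdev)
        self.states = {}     # discrete signal -> set of values seen while training

    def fit(self, readings):
        by_signal = {}
        for r in readings:
            for name, value in r.items():
                by_signal.setdefault(name, []).append(value)
        for name, values in by_signal.items():
            if all(isinstance(v, (int, float)) for v in values):
                self.baseline[name] = (mean(values), pstdev(values) or 1e-9)
            else:
                self.states[name] = set(values)

    def check(self, reading):
        """Return [(signal, reason), ...]; an empty list means the reading fits the baseline."""
        findings = []
        for name, value in reading.items():
            if name in self.baseline:
                mu, sd = self.baseline[name]
                z = abs(value - mu) / sd
                if z > self.z_threshold:
                    findings.append((name, f"z={z:.1f}"))
            elif name in self.states:
                if value not in self.states[name]:
                    findings.append((name, f"state {value!r} never seen in training"))
            else:
                findings.append((name, "signal not present during training"))
        return findings

# Constructed training data: a pump controller at steady state.
NORMAL = [
    {"rpm": 1500 + d, "temp_c": 60.0 + t, "mode": "RUN"}
    for d, t in zip([0, 5, -5, 2, -2, 3, -3, 1, -1, 0],
                    [0.0, -0.5, 0.5, 0.2, -0.2, 0.1, -0.1, 0.3, -0.3, 0.0])
]

def build_monitor() -> ControllerStateMonitor:
    m = ControllerStateMonitor()
    m.fit(NORMAL)
    return m
```

A reading such as `{"rpm": 1500, "temp_c": 95.0, "mode": "RUN"}` is flagged on `temp_c` only, and a mode the controller never reported during training is flagged even when every numeric signal is within its envelope; a real deployment would also have to learn the normal transitions between states, which this model does not.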
A similar technology is in fact already used by companies like Google and Apple: electronic components dedicated directly to security. First designed for their own datacenters, they then released specific components for everyday smartphones. The idea is to use that kind of chip for our nuclear power plants, obviously modified.
So securing nuclear power plants is hard, as we can't impact the availability of electricity production. And to bring security to a high level, it clearly appears that machine learning used at the controller level will be key to keeping all of us safe.