So, it seems all those piles of weapons of mass destruction aren’t that well protected after all. According to a recent report by the famed Royal Institute of International Affairs, Chatham House, the rising number of security breaches at nuclear weapon installations and power plants shows that critical systems at the plants are not secure against cyber attacks, despite technology being kept to a minimum in these sensitive areas.
The attacks typically originate from the World Wide Web because, owing to the complexity of modern systems, the plants are connected directly or indirectly to the ordinary web. These insecure lines of communication can be used by hackers and anarchists to attack nuclear facilities and create all sorts of problems in the control rooms. Recently, a German steel mill was on the receiving end of a cyber attack. The hackers got into its control panel, and the blast furnaces were extensively damaged after the operators failed to shut them down. A closer inspection of the virus used in this attack, the Stuxnet worm, showed that the mill wasn’t even its intended target. It was primarily developed for disrupting operations at a nuclear power plant!
A critical analysis of the systems showed that power plants rarely used the model of no electronic communication, known as an “air gap”. For the maintenance teams, the benefits of the internet as a commercial and communication tool outweighed security concerns, even in crucial control areas where all forms of communication should essentially be banned.
As recently as 2003, an engineer at the Davis-Besse plant in Ohio, USA, was able to use his private network to access the power plant’s mainframe. While he was connected, his computer was infected with the Slammer worm, which caused the control application of an important system to fail, something that could potentially have led to a nuclear disaster. In a similar yet even more dangerous case, the Browns Ferry plant in Alabama nearly faced a meltdown due to such an attack from outside the plant.
The report also highlighted the pitfalls and the general ignorance about the potential risks faced by nuclear facilities. Employees generally show poor ‘IT hygiene’ and are inadequately trained to deal with these risks. They used off-the-shelf software and retained default codes and passwords in devices that were later installed in the plant itself. Many of these plants, however, were introduced at a time when cyber attacks were nothing but a sci-fi myth, and there was no requirement for such protocols and mechanisms. The outdated equipment translates to less reliable forms of communication that can be intercepted and controlled from outside. Communication protocols such as Profibus, DNP3 and OPC are all vulnerable to cyber attacks because their authentication is loose.
All of this translates into the disturbing fact that all hackers need to access nuclear power plants right now is Google. By searching shrewdly, one can easily find direct links to where the plant settings can be accessed directly or indirectly. That’s the level of problem we are dealing with nowadays. A hacking technique meant to control and monitor webcams connected to the internet can also be used to access the cameras at such an extraordinary facility. Many of the plants’ security advisers fail to change the name and default password of each camera, which can then be controlled easily. Although cameras can only be used for a limited purpose, any connected device, such as an industrial control, can be found on the internet. Advanced search engines like Shodan can identify such devices and even determine their location via geo-tagging.
The Chatham House report recommends that plant staff be trained to modern standards, especially regarding the communication allowed inside. Strict security protocols for user authentication should be enforced, and at the very least default passwords should be changed! White-hat hackers can also be employed to good effect to find loopholes in the system.