Slashdot Mirror

← Back to Stories (view on slashdot.org)

South Korea Says Nuclear Reactors Safe After Cyberattacks

Posted by samzenpus on from the all-clear dept.

wiredmikey writes South Korea on Thursday ruled out the possibility that recent cyber-attacks on nuclear power operator Korea Hydro and Nuclear Power Co (KHNP) could cause a malfunction at any of the country's 23 atomic reactors. Earlier this week, South Korea heightened security in the wake of the leaks, with the defense ministry's cyber warfare unit increasing its watch-level against attacks from North Korean and other hackers. On Monday, KHNP launched a two-day drill, testing its ability to thwart a cyber attack.

9 of 54 comments (clear)

  1. Here's a brilliant idea... by SeaFox · · Score: 4, Insightful

    Lets just air-gap those systems -- unless someone can explain why we need to make a nuclear reactor accessible from the Internet.

    1. Re:Here's a brilliant idea... by Charliemopps · · Score: 2

      Lets just air-gap those systems -- unless someone can explain why we need to make a nuclear reactor accessible from the Internet.

      Most are airgapped. But with cellphones and cell enabled laptops you suddenly have new weak points you didn't used to have to worry about.

    2. Re:Here's a brilliant idea... by PAjamian · · Score: 2

      An air gap can't protect against the idiot operator who plugs in his USB stick to watch a movie in the middle of the night out of boredom.

      --
      Windows is a bonfire, Linux is the sun. Linux only looks smaller if you lack perspective.
    3. Re:Here's a brilliant idea... by tlhIngan · · Score: 2

      Which is why USB ports should be disabled on computers that interact with the reactor.

      And when something in the control system needs to be updated to handle a new piece of equipment, what are you going to do...?

      Stuxnet has proven air-gaps are not invulnerable - and it used multiple vulnerabilities. It existed on a PC that was infected and merely infected a USB drive that was plugged in which then was plugged into a control PC used to reload PLCs.

      Of course, that control computer was vulnerable because being air gapped, it wasn't updated to handle vulnerabilities so all it needed was ancient vulnerabilities.

      It doesn't matter if it was a CD - the malware could ensure it got loaded on the CD as well so when it was stuck into the control PC, boom, infected.

      Unless the control system is completely static and nothing is ever going to change on it, there has to be a way to update it. And guess what - that PC on the air-gapped network has to get data onto it. And since it's air-gapped, it will be vulnerable to 10+ year old vulnerabilities because it hasn't had a software update since it was first installed. Oh yeah, you could install updates, but that's a vulnerability because the way you get that data across the air-gap is a vulnerability.

      And reasons for updating include general part obsolescence (you may be able to buy parts for 10 years, then what? Justify spending millions of dollars shutting down the factory, rip out the obsolete parts and replace the control system with a brand new one? Or just spend a few thousand, get the replacement part, and update the control system appropriately?)

  2. Re:WHY? by oodaloop · · Score: 2

    Why the fuck does everyone assume that cyber attack automatically means internet connection? Stuxnet hit the airgapped Iranian nuclear facilities via USB drives.

    --
    Tic-Tac-Toe, Global Thermonuclear War, and relationships all have the same winning move.
  3. Re:WHY? by burne · · Score: 2

    Most currently active reactors were designed, built and certified in the sixties and seventies. All systems in those plants are 60's or 70's electronics. Most won't even have something as modern as a pdp-8 to control stuff. Go watch the China Syndrome if you need a reminder.

    Interfacing 40 year old control electronics to modern computers is more than a 'airgap'. It's more like your kid trying to explain GTA4 to a stone age caveman without a computer present.

  4. Re:WHY? by Irate+Engineer · · Score: 4, Informative

    Most currently active reactors were designed, built and certified in the sixties and seventies. All systems in those plants are 60's or 70's electronics. Most won't even have something as modern as a pdp-8 to control stuff. Go watch the China Syndrome if you need a reminder.

    Having worked in the field, I need to call bullshit on this. Umm, yeah, the China Syndrome was fiction . And yes, while many active reactors were designed, built, and initially certified (FTFW) in the 60's and 70's, they have all undertaken numerous upgrades and safety improvements since.

    Hollywood and Reality are two different things (hard to tell in the U.S., but it's true!). Nuclear operators have to work very damned hard and jump through a lot of hoops to demonstrate that their plants are safe to operate. Dealing with FUD dispensed by people who think they know it all because they watched it in a movie is the reason nuclear power is so expensive relative to other alternatives. But you can spout your ignorance some more if you would like; it's a free country I'm told.

    --

    Left MS Windows for Linux Mint and never looked back!

    Vote for Bernie in 2016!

  5. Re:Heads in the sand, anyone? by Mr+D+from+63 · · Score: 2

    It is theoretically possible, but Nuke plants differ greatly in control architecture from PLC controlled centrifuges. Nuke I&C is really comprised of separate discrete control systems, and they differ from plant to plant. You would not be able to accomplish much without hacking multiple control systems, all of which are disconnected from any accessible external network. Also, the older plants still have a ton of analog manual controls as well.

    Software changes to systems very infrequent, so even if methods existed, opportunities are limited. Also, testing is done before putting systems back in to operation to ensure safety functions are working. Testing is done on a regular basis as well. Avoiding detection on these systems would be difficult, as they control logic is actually fairly straightforward (simple enough that much of it was originally done with relay logic).

    The obstacles to successfully causing a safety event are significantly more challenging than what stuxnet had to deal with.

  6. Re:WHY? by Irate+Engineer · · Score: 4, Informative

    I'm not worried about some internet group getting into the systems remotely. A Stuxnet-type attack is definitely possible, but smart protocols (no unauthorized electronics, thumb drives, etc. on site) will make this very hard. Someone will eventually goof up, but even then there are so many overrides that executing a safe shutdown is possible even if the control systems are hacked.

    I think a physical on-site attack is far more probable and worrisome (terrorists with guns taking control of a plant). There is a lot of security around U.S. plants these days, but a whole lot of complacency has built up since 9/11 and a few thousand days of nothing happening takes a toll. 20 well-armed jihadis ready to give their all for Allah and their 72 virgins could probably get into a plant. What they could do from there, who knows. Simply getting into a containment and draining a reactor pool would be pretty bad if there was a significant amount of fuel stored (which is the case in a lot of old plants) but containable. They would have to figure out how to shut down and/or disable a lot of safety controls to do anything serious. The plant itself would fight them pretty hard. If they got physical access to the containment and tried to blow up stuff, could be bad but likely containable. PWRs have systems to cope with large break loss-of-coolant accidents, which is pretty much a massive steam explosion and loss of core cooling, as bad as things get.

    I honestly don't think terrorists could do anything that would cause anything worse than contained damage and contamination, nothing that would harm the neighbors. However, given the FUD already circulating about nuclear power (yeah, I'm looking at you Mr. Burne) I think it would be enough for them to just take the plant and then sit around drinking coffee. Even if they did no damage at all to the plant, got mowed down by the good guys in 10 minutes, the simple act would have the world shitting bricks. And that is what terrorism is all about, stirring up unaccountable fear.

    --

    Left MS Windows for Linux Mint and never looked back!

    Vote for Bernie in 2016!