Hackers Targeting US Nuclear Power Plants, Report Finds

For the past couple of months, hackers have breached the computer networks of companies that operate nuclear power facilities in the US, according to a new report from federal law enforcement officials. From a report: One of the companies targeted was the Wolf Creek Nuclear Operating Corporation, which operates a nuclear facility near Burlington, Kansas, according to a joint report issued last week by the FBI and Department of Homeland Security and described by The New York Times. The report carried an urgent amber warning, the second-highest rating for the severity of the threat, the Times reported. Organizations running the nation's energy, nuclear and other critical infrastructure have become frequent targets for cyberattacks in recent years. In a 2013 executive order, President Barack Obama called cyberattacks "one of the most serious national security challenges we must confront."

sensationalist garbage

"There is no indication of a threat to public safety, as any potential impact appears to be limited to administrative and business networks,” the government agencies said."

Zero Cool isn't fucking with the control rods of a reactor from his mom's basement. This is just another intrusion of an organization with poor security.

control rods just need some hitting Y on vent gas

[Joe_Dragon]

control rods just need some hitting Y on vent gas all day long.

Wup Wup!

[Ol+Olsoc]

Slashdot users find semit hysterical incorrect headline on Slashdot article.

Re:Wup Wup!

[Ol+Olsoc]

Sorry. Not following. What is Semitic about attempting to hack reactor sites?

Ummm, me neither. Autocorrect does some strange things sometimes. "Some" is the right word But I can't figure out how it made what it "corrected'.

Re:Who's up for Vodka?

[Max_W]

In my opinion it is not the Usual Suspects this time. In Russia there is a compulsory secondary education, all children study physics and can discern that it would not be a good idea to interfere with a nuclear power plant.

We knew this was going on

[evolutionary]

Okay this is not really that new. The tech community knews this was going on for sometime since power companies (for some crazy reason) are internet accessible. Even in the Snowden movie it was shown that the CIA was getting into power plants and hospitals of allies (now semi-allies?) for the purposes of "pressure" if they took actions the CIA decided it didn't like. So of course we've been targeted. Was probably one of the earlier targeted industries since the cyberwar with other countries started.

Re:We knew this was going on

[evolutionary]

Uh, the documents proving we were doing this were given to a few trusted reporter including Glenn Greenwald. Did you not read the reports/documents? But we've violated foreign territory in Pakestan with drones without their permission, legally an act of war, for sometime now. And that is acknowledge by the government, just not described as an act of war. (Pakestan complained, but ...not like we were going to listen nor were they going to outright declare war with us). And there is no mysterious reason, it leverage. Pure and simple. Many countries have done this. The Chinese do it with missles in Taiwan, we do it with computers worldwide. And others are doing to the Europeans. We've historically done it for a LONG time throughout history. It IS hostile. but historically this is not new .We are just doing in larger scale and increased frequency, which is what computers were designed to do.

Re:We knew this was going on

[XparXnoiaX]

The tech community knews this was going on for sometime since power companies (for some crazy reason) are internet accessible.

IF they truly are internet accessible, then I've mapped them myself. zmap is great.

Re:Who's up for Vodka?

[rjmx]

What if it were someone else's nuclear power plant?

Re:Who's up for Vodka?

[PolygamousRanchKid+]

Who wants Vodka?

. . . and then the CIA guy answers, "Don't bother pouring a separate glass for me . . . I'll just take drinks out of the glasses of every one else . . . "

Air Gap

[sycodon]

Are the control systems at plants not isolated from the outside world?

If not, why not?

It seems obvious that they should be.

Re:Air Gap

This is the advantage of the vintage of the U.S. nuclear fleet. The vast majority of the control systems, and just about all if not all safety-related control systems are electromechanical. There's nothing digital. You have to physically be there to screw with it. For those unfamiliar, the control logic doesn't use the fancy schmancy transistor, it uses electromechanical relays.

Plenty of plants have analog to digital converters that take process information for monitoring - even remotely, but these include diodes and such to isolate the system. Plus things like the business network, admin, HR, etc etc are Internet connected. Losing that would be a bad day for business, but the plant itself wouldn't care.

Re:Air Gap

[NoNonAlphaCharsHere]

I'm pretty sure those Iranian centrifuges were air-gapped.

Re:Air Gap

[Mr+D+from+63]

Are the control systems at plants not isolated from the outside world?

If not, why not?

It seems obvious that they should be.

Yes, they are isolated. But articles like this tend to hint that plants are hacked when in reality only the corporate business lans are involved in the attacked, not the isolated control systems. But headlines aren't so exciting if they reflect reality.

Re:Air Gap

[PolygamousRanchKid+]

Are the control systems at plants not isolated from the outside world?

Air Heads trump Air Gaps . . . the biggest threat to your computer system security is mechanical: "The loose nut behind the keyboard."

If not, why not?

Nothing can be made foolproof, because fools are so ingenious.

It seems obvious that they should be.

"Well, I don't think there is any question about it. It can only be attributable to human error. This sort of thing has cropped up before, and it has always been due to human error."

Re:Air Gap

[Mr+D+from+63]

This is the advantage of the vintage of the U.S. nuclear fleet. The vast majority of the control systems, and just about all if not all safety-related control systems are electromechanical. There's nothing digital.

There are plenty of digital controls in nuclear plants. Yes, there is also a lot of older relay technology as well, but plants have been upgrading controls for quite some time. Critical safety systems are still mostly non-digital because of difficult licensing process for upgrade to digital, but that is also changing.

Re:Air Gap

[tsqr]

Are the control systems at plants not isolated from the outside world?

If not, why not?

It seems obvious that they should be.

From TFA (yeah, I know; too bad TFS didn't mention this small detail): "The safety and control systems for the nuclear reactor and other vital plant components are not connected to business networks or the internet," Wolf Creek spokeswoman Jenny Hageman said in a statement. "The plant continues to operate safely."

Re:Air Gap

[Obfuscant]

when in reality only the corporate business lans are involved in the attacked,

This.

But headlines aren't so exciting if they reflect reality.

People don't read good news, they react to the sensational bad news. Good news is too boring and run of the mill. "Dog behaved, baby slept peacefully, traffic flowed at a good rate on the interstate..." doesn't get clicks. "Dog eats sleeping baby in the back of a car stuck in a ten hour traffic jam" is what people want to read about.

Re:Air Gap

[r2rknot]

They are, as stated in the featured article.

Re:Air Gap

[Mr+D+from+63]

It also helps the headline hypers that the level of ignorance and fear due to massive mis-perception or risk of anything 'nuclear' or "radioactive' is high in the general population. Even many otherwise smart educated people tend to completely fail when quizzed on those risks.

Re:Air Gap

[Hussman32]

Yes, critical safety systems are air-gapped. In theory some of the operating data could be acquired, and I expect other systems outside of the reactor could be compromised and perhaps force an outage.

Re:Air Gap

[Layzej]

“We’re moving to a point where a major attack like this is very, very possible,” Antova said. “Once you’re into the control systems -- and you can get into the control systems by hacking into the plant’s regular computer network -- then the basic security mechanisms you’d expect are simply not there.” - https://www.bloomberg.com/news...

Re:Air Gap

[Mr+D+from+63]

“We’re moving to a point where a major attack like this is very, very possible,” Antova said. “Once you’re into the control systems -- and you can get into the control systems by hacking into the plant’s regular computer network -- then the basic security mechanisms you’d expect are simply not there.” - https://www.bloomberg.com/news...

The fact that he said 'the plant's regular computer network' tells of his ignorance to the architectures of nuclear station control networkS (not one), and then the isolated controls as well. This guy has never set foot in a nuclear plant. Also, he should be specific about which 'basic security measure' he claim are not there, because there are in reality many basic security measure "there". That's easy stuff to say when you want attention, and quite vague to evade criticism.

Re:Air Gap

[tlambert]

There are plenty of digital controls in nuclear plants. Yes, there is also a lot of older relay technology as well, but plants have been upgrading controls for quite some time. Critical safety systems are still mostly non-digital because of difficult licensing process for upgrade to digital, but that is also changing.

I don't know what you've been smoking, but when a friend of mine was involved in the group that attempted to send robots in to assess the damage in the Fukushima facility, all of the electronics in the robots kept dying.

This is because almost no electronics that aren't military -- and generally sourced from NSA-run chip foundries -- aren't radiation hardened.

The systems are electromechanical because they have to operate in the event of a large scale radiation leak.

While you are correct that there's a lot of digital, it's on the ends of very long wires, well away from the possibility of accidental exposure to hard radiation, which would cause it to stop operating and/or malfunctions pretty spectacularly.

Additionally, these systems tend to exist for monitoring only, not for control.

And if anyone hooks anything but the monitoring legs of these things -- which are typically output only, optoisolated links -- to the Internet, they are fired, and potentially jailed.

Re:Air Gap

[AmiMoJo]

The air gapped systems are at risk though. As we saw in Iran and in leaked documents from the NSA, there are ways to cross that air gap. Infected USB media, for example.

Re:Air Gap

[Mr+D+from+63]

^You are talking off of assumptions, not experience. You could have checked just a little first, the link below an example of digital products that have been being installed in US nuclear plants for over that last 20 years. These systems don't need to be installed in containment where radiation levels are high, relay based controls are already installed in low rad environments.

http://www.westinghousenuclear...

Here is one on the Oconee Reactor Protection digital system, other plants are in the process of planning protection system digital upgrades;

http://www.power-eng.com/artic...

In addition, many US plants have installed digital control rod drive control systems. Once again, those controls are not located inside containment. You can walk right up to them, as most all controls, while the plant is running full power.

Re:Air Gap

[Mr+D+from+63]

The air gapped systems are at risk though. As we saw in Iran and in leaked documents from the NSA, there are ways to cross that air gap. Infected USB media, for example.

Very true, which is why a full gamut of other controls are in place. Air gap alone is not sufficient, but it is a central piece to making intrusion extremely difficult.

Re:Air Gap

[ChumpusRex2003]

I don't see what the Fukushima robot project has to do with control systems. Digital control systems aren't located in the containment (the conditions in the containment are harsh - during accident conditions, ambient temperatures can reach 160 C, with an atmosphere of saturated steam at 6 bar and potential for high radiation levels). That's not a suitable environment for most electronics, only designs tend to be restricted to just transducers and actuators in the containment.

The control systems are located outside of containment, but in physically hardened, environmentally controlled, plant rooms.

Control technologies vary, but microprocessor control is widely used in new build and retrofits. Various systems have been developed with some systems using safety critical grade rad-hard processors, originally designed for space use (the rad hardening, is less for the risk of radioactive contamination, than for mitigation of cosmic ray events, as rad hard processors tend to be immune from rare radiation effects like latch-up, and have strategies for mitigation of single-event upsets).

These days, however, designs are moving to decentralised, highly redundant clusters of CPUs. Each CPU receives only a very small number of signals for conditioning/processing/validation. Typically, these are processed in quadruplicate. These conditioned signals then pass to CPUs which perform the main logic, again in quadruplicate. The output from these is then aggregated using a fail-safe 2 of 4 logic system for output to the control actuators. In this type of solution, the CPUs don't need to be particularly resistant to radiation, as the entire system has redundancy for any individual CPU (and indeed, if the replicated CPUs are placed in different plant rooms in different plant zones, then the redundancy includes entire plant rooms/power supplies/HVAC/etc.). AMD K6 266 MHz CPUs are used in main example of this technology.

By keeping the task for each CPU simple, it permits robust analysis of the code. In this solution, the firmware on each single-board computer is automatically generated from logic statements and consists of a formally verified microkernal, supervising automatically generated code from a validated code generator tool. The tools don't permit manual coding, so there is low risk of coding error. The simple and validated software also has a low surface area for cyber attack, even though the individual components of the cluster may be connected over networks running common technologies like profibus or ethernet.

Some countries have accepted this design for use as the reactor control and safety system on new build EPR plants (e.g. France, China). Others have requested a less complex solution. In the UK, the regulator has accepted this solution for new build, but has required a "non-computerised safety system" as an additional safeguard. The regulator was originally presented with an FPGA design, but rejected that as they considered FPGA technology to be too new and complex, and asked for a simpler system with known long-term reliability and failure modes. The result was a backup system based on TTL logic and op-amps (for signal conditioning). I'm not sure where the US lies, but I would expect that they would be more aligned to countries like UK.

However, although the US may be strict, this may not be the case universally. The control system I've described above in the reference EPR plant design originally had read-write network access to the non-nuclear-safety plant automation systems. In other words, a conventional industrial control system potentially had authority to transmit data to the safety control system. Most of the regulators reviewing the EPR design spotted this as a potential cyber security weakness, and insisted that the bridge between the safety control system and the balance of plant automation systems be read-only. What is telling, however, is that the vendor of this safety control system, claims to have retrofitted this system in nearly 70 plants. While the scope of retrofits may be smaller than in new builds, it nevertheless raises the question of whether regulators supervising retrofits might have missed potential vulnerabilities such as that described above.

Re: Air Gap

[KGIII]

Dumb question...

You say two of four. Why not three of four?

Re: Air Gap

[ChumpusRex2003]

In a nuclear power plant, an unplanned reactor trip is undesirable; it puts considerable stress on the plant, seriously disturbs the power grid (with increased risk of loss of mains power at the plant), and in may plant designs requires activation of multiple systems to manage the temperature/pressure shifts which result.

2 out of 4 control in this case means that the "safe" action should be initiated if 2 of the control systems issue a "safe" signal or no signal (e.g. due to a complete failure of a control chain). For example, if control chain 1 and 2 generate a "run" signal, but chain 3 is off-line for maintenance, and chain 4 generates a "trip" signal, then the plant will trip. This avoids spurious activation of the safety response due to a single control system malfunction.

If you have a 3 out of 4 system, where 3 systems must agree for an action to be taken - what happens if 1 system has a failure? You now have no redundancy, and any further hardware failure means that your control system will not be quorate and can't take any useful decisions. So, you will need to shutdown immediately following a single system failure, and even so there would be a small residual risk of a further failure during the shutdown sequence.

The advantage of the 2 out of 4 system is that if you have one system producing a spurious signal, then you retain redundancy for "safe" actions. This gives time for a fault to be investigated and repaired with the plant operational, avoiding the risks of emergency plant manipulation and loss of production.

A 3 of 5 system would continue to provide protection against spurious trip signals when then system is already degraded - but the low likelihood of this event, the fact that this is not a direct safety hazard (as the system would fail to the safe state), means that the increased cost, complexity and more difficult validation of a 5 chain system is not a justifiable trade-off.

Re: Air Gap

[KGIII]

I get it now, thanks!

Here's the question to ask...

[bogaboga]

Is the US government, under its various organs doing anything similar - or even bankrolling any entity abroad given what we've learned (thorough Wikileaks) over the last few months?

Re:control rods just need some hitting Y on vent g

[sexconker]

Venting prevents explosion.

Weren't hackers always a threat?

[DatbeDank]

I remember back in the early 2000s hearing about hacker threats to key infrastructure like power plants, water filtration, and the like. The solution then is if you don't air gap your mission critical systems, you're an idiot and shouldn't be in a job.

  How is 2017 any different to then and why is "muh Russia" the most shouted phrase while happily ignoring China, Israel, Pakistan, and well every other country with a vested interest in national and corporate espionage?

Re:Weren't hackers always a threat?

[AHuxley]

In the past some dial up modem would be used to look over lists of interesting phone numbers.
A connection to a company modem would be made and commands attempted. More details about the OS, file system, wider network would requested after a connection would be made. Sometimes just to use that networks speed to move a lot of data around from other more interesting networks and get some data stored to work on later given dial up speeds.
A list of all extension phone numbers would be tried until a modem got a connected.

Too many email and other social media, job sites now exist with internal detail on the open internet.
So malware follows the email or contact details back to any and every network.
Workers open an email at work or use a work computer to open emails.
The issue is reported and some malware has to be a big event as its nuclear.
Its just internet malware following any link it finds and presenting itself in the most readable way to get more details from any and every account it can.

The only part to think about is why and how so much detail about nuclear work is on social media or the internet to be found and for such spam attempts to even find any working contacts.

The new issue is social media and employment sites having too much network detail on the open internet. Spam is been sent with malware to accounts found.
An air gap and a no internet, social media policy would help with that.

Re:Who's up for Vodka?

[BronsCon]

Fallout spewed into the upper atmosphere in the US can still reach Russia.

Re:Confusing headline and summary

[Mr+D+from+63]

Headline says the power plants were targeted, summary says the companies were targeted.

The headline is BS. The Wolf Creek plant controls were not involved at all, just the corporate business network which is completely separate. The headline intentionally implies something that didn't happen.

Re:Who's up for Vodka?

[Mr+D+from+63]

That might be a valid thought if there were actually a nuclear plant attacked in this case, but there wasn't , just a completely misleading headline.

Re:Who's up for Vodka?

[Obfuscant]

all children study physics and can discern that it would not be a good idea to interfere with a nuclear power plant.

All children who are brought up right know it is not ethical to interfere with anything belonging to other people, even if it is connected to the internet. Hackers of this kind don't care, they want the cred for doing the most damage they can. And a lot of people today seem to think that if it is connected to the internet then it is fair game for anything they can do to it.

It's not crazy

[rsilvergun]

it's cheaper to have them internet accessible. That's the basic problem with nuclear power. It's perfectly safe if you take all necessary precautions. But sooner or later some small government types come in, convince everyone they can cut their taxes by being every so much more efficient as a private company, take over and find running a nuke plant is _hard_. Like, really hard; and finally they start cutting corners and running the plants longer than they're supposed to.

Until you can convince upwards to 90% of the population that having a nuclear power plant run by the lowest bidder is a bad idea I'm gonna oppose nuclear.

Re:It's not crazy

[evolutionary]

Uh, this is a POWER provider. In security, there is no such thing as perfectly safe, especially if it has the potential be accessed en masse. Whether we SHOULD use nuclear is a different topic but the dangers of an essential service having critical components accessible via the Internet the risks are not increasingly clear. I remember reading how water treatment in a small town with a way outdated server connected to the Internet was accidentally hacked by a low level hacker who thought he was in something else, trigger a subsystem that caused the water to be tainted, and alerted the authorities to his mistake without giving his/her name. (I forget full URL of the article. there were a number of other water treatment plants hacked in 2016 around March as well. So if you like to risk your water supply being tainted as a result, bottom's up. But power, and possible meltdown, hmm...not really for me.

Re:It's not crazy

[Mr+D+from+63]

it's cheaper to have them internet accessible. That's the basic problem with nuclear power. It's perfectly safe if you take all necessary precautions. But sooner or later some small government types come in, convince everyone they can cut their taxes by being every so much more efficient as a private company, take over and find running a nuke plant is _hard_. Like, really hard; and finally they start cutting corners and running the plants longer than they're supposed to. Until you can convince upwards to 90% of the population that having a nuclear power plant run by the lowest bidder is a bad idea I'm gonna oppose nuclear.

First, they are not internet accessible. Not sure why you think they are other than gullible acceptance of a misleading headline. Furthermore, they are not run by the lowest bidder. But hey, maybe you could help write more misleading headlines, you seem to have the knack.

Isn't this a repost?

[clonehappy]

I think I've seen this same misleading bullshit article title literally once a month since 9/11/01.

So the administrative (read: Windows) network got some malware at a nuke plant? Shocking. I'd honestly think I'd be more shocked if the headline said that a nuclear facility had never gotten its Windows network breached, because I've never seen one that hasn't been.

Now, if the article showed that someone was fucking with the reactors or other critical systems, I'd be worried. But every article for the last 16 years has always been this same kind of clickbait garbage.

Re:Isn't this a repost?

[Mr+D+from+63]

^actually, it wasn't even necessarily on the admin network at the plant offices, all we know it was the admin network of the company that owns the plant.

Re:Isn't this a repost?

[AmiMoJo]

Nuclear plants, hospitals and the like are attractive targets for malware. Even if it's only the admin network that is hit, they have to fix it. There are legal requirements for record keeping, privacy, that sort of thing. The place can be forced to shut down if it can't do the paperwork.

So there is a strong incentive to pay the ransom.

Re:Isn't this a repost?

[angel'o'sphere]

The liked article might be bad.
But the articles in german news clearly say: the hackers could power down the plant or cause other havoc.
If that is true, I don't know.

big deal

[citylivin]

I get a few fishing emails a day that make it through the spam filter. No where in the linked article is there any evidence of anything different than the spam i get which is the same as anyone gets.

Sure some may be more akin to spear phishing but its hardly a national emergency. Don't open attachments from random people on the internet. If your responsible for a nuclear power plant, be even more cautious!

Common sense, nothing to write an article about, which trump will then read and do something half assed and stupid because of. Can we cut down on the sensationalism in this age of knee jerk, no information foreign policy please? Poor journalism and tweets may end up being the cause of ww3, which is the saddest thought I have had all week.

Re:Who's up for Vodka?

[Layzej]

The chief suspect is Russia, according to three people familiar with the continuing effort to eject the hackers from the computer networks. One of those networks belongs to an aging nuclear generating facility known as Wolf Creek -- owned by Westar Energy Inc., Great Plains Energy Inc. and Kansas Electric Power Cooperative Inc. -- on a lake shore near Burlington, Kansas.

The possibility of a Russia connection is particularly worrisome, former and current officials say, because Russian hackers have previously taken down parts of the electrical grid in Ukraine and appear to be testing increasingly advanced tools to disrupt power supplies.

The hacks come as international tensions have flared over U.S. intelligence agencies’ conclusion that Russia tried to influence the 2016 presidential election. The U.S., which has several continuing investigations into Russia’s activities, is known to possess digital weapons capable of disrupting the electricity grids of rival nations.

- https://www.bloomberg.com/news...

That was only one of the vectors.

[tlambert]

That was only one of the vectors.

You should really read the literature. They also used other vectors, and while they show a USB stick on the vector line, not all of them were via USB. Sometimes it came in loaded on Lexmark printers.

https://www2.cs.arizona.edu/~c...

Re:Confusing headline and summary

[Registered+Coward+v2]

Headline says the power plants were targeted, summary says the companies were targeted.

The headline is BS. The Wolf Creek plant controls were not involved at all, just the corporate business network which is completely separate. The headline intentionally implies something that didn't happen.

Taking headquarters out of the loop would be the best thing to happen to the plant, says this former operator.

Re:Confusing headline and summary

[AHuxley]

Think of it as finding information online and sending malware emails and links that get deeper into any network detected or accessed.
Does the malware care if its nuclear or what the social media or site was used to find the way in?
Its just like spam efforts that got a new list of emails that worked.
The malware wants to get deeper into any network that they get activated in.
Too much information is on the internet and too many random people are finding details online.

Malware follows social media or the wide open "internet" back up into other networks.

Re:Confusing headline and summary

[Mr+D+from+63]

Taking headquarters out of the loop would be the best thing to happen to the plant, says this former operator.

We're from fleet, and we're here to help.

Re:Confusing headline and summary

[Registered+Coward+v2]

Taking headquarters out of the loop would be the best thing to happen to the plant, says this former operator.

We're from fleet, and we're here to help.

And we're glad to have you. The two biggest lies in the Navy.

mdsolar

[110010001000]

mdsolar is back...submitting as a AC

Kompromat

[doug141]

All the people saying control systems weren't affected seem too unconcerned about the long game. The hackers undoubtedly have better kompromat opportunities for deeper and better attacks now. An air-gapped system doesn't protect you when an employee has been blackmailed, bought, or duped.