- A US nuclear facility was breached in a cyberattack, outlets reported on Wednesday.
- The attack was contained to the business-associated side of the plant, and evidence indicates that critical infrastructure was not affected.
- But cybersecurity experts say that now that the network has been infiltrated, the nuclear systems have become “much more vulnerable.“
Unidentified hackers recently breached at least one US nuclear power plant and the situation is being investigated by federal officials, sources familiar with the matter told ABC News on Wednesday.
The name and location of the plant have not been released, but cyberattacks have affected “multiple nuclear power generation sites this year,” according to E&E News, which was the first to report the story.
It is not yet clear who launched the attack and whether it is connected to a global cyberattack that crippled several countries and corporations beginning on Tuesday.
The breach was contained to the business-associated side of the plant, officials said. So far, little information has come out about the origins of the hack, code named “Nuclear 17,” but evidence indicates that the attack was not serious enough to prompt alerts from the public safety systems at the Nuclear Regulatory Commission or the International Atomic Energy Agency, E&E reported. The information available thus far indicates that nuclear safety is not immediately at direct risk.
But cybersecurity experts say that now that hackers have infiltrated the system, nuclear safety could be at risk down the road.
“If a nuclear power facility is attacked on the business side, that might actually serve as a way of information-gathering” for hackers, Paulo Shakarian, founder of the cybersecurity firm CYR3CON, told Business Insider. In some cases, hackers will try to “see if, by reaching that system, they can get more insight into what the facility is using on the operational side,” Shakarian said.
“This could be a big danger,” he added. “And it could lead to another attack that could be more serious.”
Though nuclear power providers have rigorous practices in place to divide business and nuclear operations in their networks, experts say an attack on one could inform an attack on the other.
A breach to the business-associated end of a nuclear power plant “is very severe and very scary,” said Greg Martin, the CEO of cybersecurity firm JASK. He said that while it was “wonderful” that network segmentation prevented hackers from being able to attack critical infrastructure directly, “the business side has tons of information about the more vulnerable infrastructure side of these types of plants.”
That information can include emails; communications involving design plans; information about security assessments; emails or documents that contain passwords; and more. Martin echoed Shakarian’s assessment and added that some information that can be gleaned from a breach like this can open up a window that “can be used to set up for future, more damaging attacks just based on the proprietary information they’re able to steal.”
In the past, when business networks have been hacked, attackers have been able to use the information they obtained to create targeted spear-phishing campaigns that look like existing vendors and email threads accessed via compromised inboxes.
This tactic has been used several times but its potential consequences most recently came to light through a leaked National Security Agency intelligence report documenting the extent to which Russia interfered in the 2016 US election in an effort to tip the scales in Donald Trump’s favor. According to the document, Russian military intelligence carried out a cyberattack on at least one US voting software supplier and sent spear-phishing emails to over 100 local election officials days before the November election.
In the case of the nuclear power plant breach, Martin said once hackers had accessed the business network, “it is much, much more vulnerable” despite having a firewall and being segmented off from the operational side.
“And that can have dramatic effects,” he said.