October 11, 2016
The head of an international nuclear energy consortium said this week that a cyber attack caused a “disruption” at a nuclear power plant at some point during the last several years. Yukiya Amano, the head of the International Atomic Energy Agency (IAEA) didn’t go into detail about the attack, but warned about the potential of future attacks, stressing on Monday that the idea of cyber attacks that impact nuclear infrastructure isn’t an “imaginary risk.’
“This issue of cyber attacks on nuclear-related facilities or activities should be taken very seriously. We never know if we know everything, or if it’s the tip of the iceberg,” Amano told reporters in Germany. Amano refused to disclose much about the attack, electing not to say where or when it happened, but said it managed to disrupt day-to-day operations at the plant. While it wasn’t forced offline, the facility had to take what he called “precautionary measures” to mitigate the attack. It’s unclear whether Amano will ever disclose which power plant was affected, or when the attack happened. He told Reuters it occurred “two to three years ago,” and declined to get further into the incident, which was previously unknown. Dewan Chowdhury, the founder and CEO of MalCrawler, a service that protects ICS and SCADA systems from malware, said that since there’s so little information around the attack, it’s too early to pinpoint exactly what happened. “It could be ransomware, malware, a targeted attack; it’s anyone’s guess what it could be,” Chowdhury said. Chowdhury said he hoped the IAEA’s confirmation of an attack, even if it was years ago, would help generate awareness around cybersecurity and nuclear issues in the future. That said, he wasn’t surprised with Amano’s statement.