If indeed a breach has occurred at the Kudankulam Nuclear Power Project, evidence shows that it could be a human problem, and not a network one, and KNPP's diagnostic and denial does little to restore confidence

The Nuclear Power Corporation of India (NCPIL) on Wednesday confirmed that there was indeed a cyber attack on the Kudankulam Nuclear Power Plant (KKNPP) in Tamil Nadu.

In a press statement issued by associate director AK Nema, NCPIL admitted to the claims of the attack, thereby refuting its earlier stance of denying the claims of such an attack. "Identification of malware in NPCIL system is correct. The matter was conveyed by CERT-In when it was noticed by them on September 4, 2019," the NPCIL statement read. For context, the corporation had on Tuesday denied any cyber attack occurring in its servers, claiming that a cyber attack on the Nuclear Power Plant Control System was impossible.

So why did NCPIL modify its stance? "The matter was immediately investigated by DAE specialists. The investigation revealed that the infected PC belonged to a user who was connected in the internet-connected network used for administrative purposes. This is isolated from the critical internal network. The networks are being continuously monitored," said the statement issued by NCPIL.

The NCPIL still claims that the plant's systems were not affected in the attack.

On Tuesday, training superintendent and information officer at KKNPP R Ramdoss had said, "Any cyber attack on the Nuclear Power Plant Control System is not possible," adding, "Presently, KKNPP's Unit-1 and 2 are operating at 1000 MWe and 600MWe respectively, without any operational or safety concerns." He had elaborated on the matter, clarifying that the Kudankulam plant or other Indian Nuclear Power Plants' control systems are standalone and not connected to outside cyber network and Internet.