This comes amidst multiple reports claiming hackers gained domain controller-level access at the KKNPP

CHENNAI: The Union government has informed Vienna-based International Atomic Energy Agency (IAEA), which is a nuclear watchdog, that Kudankulam Nuclear Power Plant (KKNPP) in Tamil Nadu is safe and the recent espionage attempt allegedly perpetrated by North Korean group did not affect the plant systems.

In an e-mail confirmation to Express, IAEA spokesperson Sinead Harvey said: "IAEA contacted relevant authorities in India who confirmed that the plant systems are not affected. Nuclear security is a Member State responsibility."

To a query, the spokesperson indicated that the agency would extend its technical assistance, if need arises. "Specific guidance has been developed to assist States with the development and implementation of information and computer security programmes as part of their nuclear security regimes. It includes technical guidance on Security of Nuclear Information, Computer Security at Nuclear Facilities and Computer Security Incident Response Planning at Nuclear Facilities."

This comes amidst multiple reports claiming hackers gained domain controller-level access at the KKNPP.

Initially, Pukhraj Singh, a cyber threat intelligence analyst who had worked with the Indian government, made the disclosure on social media and later a South Korean intelligence organisation Issue Makers Lab (IML) shared 'evidence' claiming, in a series of tweets, that North Korean hacker targeted several top Indian nuclear scientists through 'malware-laced emails'. IML said the purpose of the malware attack was "espionage".

"North Korea has been interested in thorium-based nuclear power. India is a leader in thorium nuclear power technology. Since last year, North Korean hackers have continuously attempted to attack to obtain that information," IML wrote.

In an official statement on October 30, Nuclear Power Corporation of India (NPCIL) said: "Identification of malware in NPCIL system is correct. The matter was conveyed by CERT-In (Computer emergency response team) when it was noticed by them on September 4, 2019. The matter was investigated immediately by Department of Atomic Energy (DAE) specialists. The investigation revealed that the infected computer belonged to a user who was connected in the internet network used for administrative purposes. This is isolated from the critical internal network. The networks are being continuously monitored. Investigations also confirm that the plant systems are not affected," the statement added referring to KKNPP hack.

Pavel Rastopshin, Managing Director of Zyfra which is a Finnish-Russian company that develops industrial digitisation technologies, told Express that automated control systems of nuclear power plants are not linked to the Internet, in that it is not physically connected to a global network.

"Such systems transmit relevant information “outwards” (including to a crisis centre) over special, protected communication channels. Conventional networks, for instance, for accounting workflows, are connected to the Internet. But these networks also exist separately and are not physically connected with automated control systems. Nobody can connect to such systems and start illegally managing the nuclear power plant, for instance, by giving commands to extract control rods: the safety system, which is responsible for this, works on unvarying algorithms. Access is forbidden for external carriers."

Nevertheless, the growth in the number of automated control systems, an increase in the number of employees, having direct or remote access to these systems, as well as the emergence of more and more communication channels to monitor and remotely control previously independent variables result in more opportunities to carry out attacks.

"For example, vulnerabilities of communication networks can affect the whole ecosystem of devices connected to the Internet," Pavel said.