Since May of this year, hackers have been penetrating the computer networks of companies that operate nuclear power stations and other energy facilities, as well as manufacturing plants in the United States and other countries. This is according to security consultants and a joint report issued by the Department of Homeland Security (DHS) and the FBI.
Reported by both the New York Times and Bloomberg, the Wolf Creek Nuclear Operating Corp., which runs a nuclear power plant in Kansas, was one company hit by cyber intruders. Wolf Creek officials told the Times that no “operations systems” were affected, and that its corporate network is separate from the network that controls the nuclear plant’s operations.
According to the New York Times, "The report did not indicate whether the cyberattacks were an attempt at espionage or part of a plan to cause destruction. There is no indication that hackers were able to take control of facility systems, nor is it known how many facilities were breached." In a joint statement with the FBI, a DHS spokesman said, “There is no indication of a threat to public safety, as any potential impact appears to be limited to administrative and business networks.”
John Keeley, a spokesman for the Nuclear Energy Institute, which works with all 99 electric utilities that operate nuclear plants in the United States, said nuclear facilities are required to report cyberattacks that relate to their “safety, security and operations.” None have reported that the security of their operations was affected by the latest attacks, he said. And the North American Electric Reliability Corp., a nonprofit that works to ensure the reliability of the continent’s power system, said it was aware of the incident and was exchanging information with the industry through a secure portal. “At this time, there has been no bulk power system impact in North America,” the corporation said in an emailed statement.
Bloomberg reported that the Department of Energy also said the impact appears limited to administrative and business networks and said it was working with utilities and grid operators to enhance security and resilience. “Regardless of whether malicious actors attempt to exploit business networks or operational systems, we take any reports of malicious cyber activity potentially targeting our nation’s energy infrastructure seriously and respond accordingly,” the department said in an emailed statement.