No cyberattack on Kudankulam Nuclear Power Plant, say officials

Officials deny that the site was hacked, hours after a cybersecurity expert claimed on Twitter that the Plant’s domain controller-level access could have been compromised.

October 29, 2019 12:20 pm | Updated 10:01 pm IST - Tirunelveli

The Kudankulam nuclear power plant. File photo: PTI

The Kudankulam nuclear power plant. File photo: PTI

Hours after a cybersecurity expert claimed on Twitter that the Kudankulam Nuclear Power Plant’s (KKNPP) domain controller-level access could have been compromised, officials categorically denied it on Tuesday.

KKNPP Site Director Sanjay Kumar said the totally isolated network of KKNPP could not be accessed by any outside network from any part of the globe. Hence, there was no question of it being hacked.

Asked if power generation was stopped last week in the second reactor due to a possible compromise, Mr. Kumar said it was purely due to the malfunctioning of a mechanical device in the turbine section, and not due to any electronic complication.

“While the first reactor of KKNPP is generating 1,000 Mwe power, the capacity of the Russian supplied VVER reactor, the second unit is producing 670 Mwe electricity [as on Tuesday morning],” Mr. Kumar said.

A press release from the plant information officer also said a cyberattack was not possible.

A press statement subsequently issued by R. Ramdoss, Training Superintendent and Information Officer, KKNPP, said that in the plant and other Indian nuclear power plants control systems stand alone and are not connected to outside cyber network and Internet. Hence, any cyberattack on Nuclear Power Plant Control System was not possible.​

​On Monday night, Pukhraj Singh, an independent expert on cyber security, tweeted, that domain controller-level access at the plant had been breached. “Extremely mission-critical targets were hit,” he said. ​

​However, a senior-most official of KKNPP told The Hindu that at the isolated networking system of the KKNPP Universal Serial Buses (USB), compact discs etc could not be used as these ports had been deactivated in all the systems on the KKNPP premises. It could not be accessed by any of the networks from any part of the world. Moreover, all the systems had been loaded with home-grown firewalls to check the hackers’ attempts, if any.​

​“When an Iranian nuclear power plant came under suspected cyberattack, the Nuclear Power Corporation of India Limited (NPCIL) took all precautionary measures though it had already put in place an isolated network. Moreover, Integrated Business Administration was incorporated in all nuclear power plants across India to ensure paperless functioning and communication with the headquarters at Mumbai,” he asserted.​

​The official revealed that a cyber security audit was conducted recently after a futile attempt to hack the NPCIL’s isolated network was made. Though the sophisticated system put in place sensed and successfully thwarted the attempt, the cyber security audit was conducted to reaffirm that it was foolproof.​

​“So there is no need for panic as the healthy reactors are generating power,” he said.​

​When asked about the possibility of hand-held communication devices being used, the official said there was no possibility of smuggling such devices into the plant premises as two-tier thorough checking is conducted everyday on the employees and the contract workers.​

​“The employees and the contract workers cannot take inside even their mobile phones. We have installed some electronic gadgets at these points to detect and make the hand-held devices defunct. So there is no possibility of using it on the site,” he maintained.​

0 / 0
Sign in to unlock member-only benefits!
  • Access 10 free stories every month
  • Save stories to read later
  • Access to comment on every story
  • Sign-up/manage your newsletter subscriptions with a single click
  • Get notified by email for early access to discounts & offers on our products
Sign in


Comments have to be in English, and in full sentences. They cannot be abusive or personal. Please abide by our community guidelines for posting your comments.

We have migrated to a new commenting platform. If you are already a registered user of The Hindu and logged in, you may continue to engage with our articles. If you do not have an account please register and login to post comments. Users can access their older comments by logging into their accounts on Vuukle.