Hours after a cybersecurity expert claimed on Twitter that the Kudankulam Nuclear Power Plant’s (KKNPP) domain controller-level access could have been compromised, officials categorically denied it on Tuesday.
KKNPP Site Director Sanjay Kumar said the totally isolated network of KKNPP could not be accessed by any outside network from any part of the globe. Hence, there was no question of it being hacked.
Asked if power generation was stopped last week in the second reactor due to a possible compromise, Mr. Kumar said it was purely due to the malfunctioning of a mechanical device in the turbine section, and not due to any electronic complication.
“While the first reactor of KKNPP is generating 1,000 Mwe power, the capacity of the Russian supplied VVER reactor, the second unit is producing 670 Mwe electricity [as on Tuesday morning],” Mr. Kumar said.
A press release from the plant information officer also said a cyberattack was not possible.
A press statement subsequently issued by R. Ramdoss, Training Superintendent and Information Officer, KKNPP, said that in the plant and other Indian nuclear power plants control systems stand alone and are not connected to outside cyber network and Internet. Hence, any cyberattack on Nuclear Power Plant Control System was not possible.
On Monday night, Pukhraj Singh, an independent expert on cyber security, tweeted, that domain controller-level access at the plant had been breached. “Extremely mission-critical targets were hit,” he said.
However, a senior-most official of KKNPP told The Hindu that at the isolated networking system of the KKNPP Universal Serial Buses (USB), compact discs etc could not be used as these ports had been deactivated in all the systems on the KKNPP premises. It could not be accessed by any of the networks from any part of the world. Moreover, all the systems had been loaded with home-grown firewalls to check the hackers’ attempts, if any.
“When an Iranian nuclear power plant came under suspected cyberattack, the Nuclear Power Corporation of India Limited (NPCIL) took all precautionary measures though it had already put in place an isolated network. Moreover, Integrated Business Administration was incorporated in all nuclear power plants across India to ensure paperless functioning and communication with the headquarters at Mumbai,” he asserted.
The official revealed that a cyber security audit was conducted recently after a futile attempt to hack the NPCIL’s isolated network was made. Though the sophisticated system put in place sensed and successfully thwarted the attempt, the cyber security audit was conducted to reaffirm that it was foolproof.
“So there is no need for panic as the healthy reactors are generating power,” he said.
When asked about the possibility of hand-held communication devices being used, the official said there was no possibility of smuggling such devices into the plant premises as two-tier thorough checking is conducted everyday on the employees and the contract workers.
“The employees and the contract workers cannot take inside even their mobile phones. We have installed some electronic gadgets at these points to detect and make the hand-held devices defunct. So there is no possibility of using it on the site,” he maintained.