N-plant hit by malware attack

Sandeep Dikshit
Tribune News Service
New Delhi, October 30

The Nuclear Power Corporation India Limited (NPCIL) today owned up to a malware attack on its Kudankulam Nuclear Power Plant.

“Identification of malware in NPCIL system is correct. The matter was conveyed by CERT-In when it was noticed by them on September 4, 2019. The investigation revealed that the infected PC belonged to a user who was connected in the internet network used for administrative purposes. This is isolated from the critical internal network,’’ said a statement by AK Nema, NPCIL Associate Director.

This was a welcome change from the disingenuous claim by NPCIL Information Officer R Ramdoss on Tuesday. Not admitting any network at the plant was infected, Ramdoss said, “Any cyber-attack on the control system is not possible.”

However, social media disclosures about the attack made it difficult for NPCIL to continue with the cover-up. This is the first time the government has owned up to a full-scale compromise of a critical sector, which is not treated as an embarrassment but more as an occupational hazard all over the world. Cyber specialists treat successful attacks as a signal to further improve best practices in cyber defence.

What is worrying is that the attack was detected by internet geeks two months ago, but the infection continued till cyber specialist Pukhraj Singh went public with this information.

According to Singh, the credit went to a third-party, a multinational security company, which initially detected the intrusion early last month. 

However, when cyber specialists posted on the net that the infected metadata was still coming to the portals, Singh said, “As a responsible citizen, I went public after a researcher found infection there.”

What can be reasonably ascertained is that the administrative IT network was compromised. The government has stated that the malware didn’t jump the air-gap and compromise critical industrial control systems. In this case, it is suspected to be an employee who plugged in his infected PC into the system.