South Korean Nuclear Operator Conducts Cyber-Drills Following Hack

Korea Hydro and Nuclear Power Co (KHNP), which operates South Korea’s nuclear power plants, is to conduct cyber-attack drills following a hack and the leak of internal data online.

On Friday a hacker whose account claims he is “president of the anti-nuclear reactor group” released blueprints of nuclear reactors on social networks. The release was the latest in a series of leaks dating back to 15 December, according to South Korea’s Yonhap news agency.

Earlier releases have included data on plant air conditioning and cooling systems, a radiation exposure report and personal data of employees.

The leaks have occurred as North Korea engages in a war of words with the US government, which holds it responsible for a disruptive cyber-attack on Sony Pictures last month. However, there is no obvious connection between that incident and the nuclear plant hack, which local reports characterised as the work of an anti-nuclear protester.

The nuclear hacker demanded the closure of three reactors by Christmas, and said that if they were not shut down by the deadline people should “stay away” from them.

KNHP said it would conduct a series of large-scale drills at four nuclear plants on Monday and Tuesday.

The operator said the hack did not affect its core systems and did not undermine the safety of the reactors.

Control system vulnerability

KHNP operates 23 nuclear reactors that supply about 30 percent of South Korea’s electricity, according to South Korean reports.

Security experts have long warned that industrial control systems, such as those that operate critical infrastructure, are increasingly at risk from Internet-based attacks.

On Tuesday, the BBC reported that a blast furnace at a German steel mill suffered “massive damage” after hackers stole login credentials that allowed them to access the mill’s control systems.

In 2010, Iran’s nuclear enrichment equipment was damaged by the Stuxnet worm, said to have been engineered by the US and Israeli governments.

North Korean Internet outage

Meanwhile, the connection between North Korean networks and the rest of the Internet was disrupted for about nine hours on Monday, according to Dyn Research, which provides Internet performance data.

Doug Madory, director of Internet analysis at the company, said the pattern was unusual and could indicate “some sort of attack”, such as a distributed denial of service.

The White House and the US State Department declined to comment.

Are you a security pro? Try our quiz!