APR: your source for nuclear news and analysis since April 16, 2010

Friday, December 26, 2014

News from South Korea leads on the wires at year's end

Kori Nuclear Plant, South Korea - courtesy KHNP

Anyone reading the news over the last week -- international news, that is -- has seen stories here and there on the hacking of Korea Hydro & Nuclear Power in South Korea.  On one particular day, I noticed almost 250 stories about this topic listed by Google's news search.  There is much hyperbole going around, very little fact, and frankly no positive official resolution as of yet.


Here's what we know.  On December 9, a number of emails were sent to various KHNP personnel in administrative capacities; the emails were addressed from the accounts of well known but retired former nuclear industry members.  These accounts had in fact been hacked.  The emails contained a malware package that then downloaded itself onto the computer being used and, after arranging for information to be sent out, set a timer to destroy the hard drive, leaving only a black screen showing the phrase "Who Am I?" visible.  The hack accessed a number of what might be called proprietary drawings and plans for KHNP nuclear plants (not the newest, so far as is known) as well as reactor core accident analysis models (these are computer programs or codes) or perhaps just the guides for these, as well as personal data of thousands of KHNP and/or KEPCO (Korea Electric Power Company) employees.

The hacker(s) threatened to destroy by meltdown three specific reactors in South Korea if they were not shut down by Christmas.  The hacker(s) did offer the return of the stolen materials but did so with the request for money.  The group said to be behind this is an anti-nuclear group in Hawaii; the actual perpetrators may be in the U.S. or China or both.

Here's the important fact everyone needs to know:  The hackers, even with the apparent high level of skill used in these attacks, cannot access by internet or radio or short wave or any other interactive means any of the control and monitoring equipment for the nuclear reactors.

Or any nuclear reactors.


The plain fact of this has been repeated time and again by insiders over this week, by KHNP itself, and in a Forbes article by James Conca.  So what's the big deal?  Why, over the last 48 hours, were three plants there surrounded by armed troops?  Why did KHNP / KEPCO perform a two-day series of cyberattack drills simulating events occurring to the reactor instrumentation and control requiring manual intervention?

There's only one word for this - and that word is "Preparation."  This is the first time that cyber-war has been specifically targeted in this way against power reactors in South Korea, and since there is apparent high skill on the part of the hackers, no one was about to take the specific, targeted threat lightly. 

The thing to know here is that the computers that were hacked had, or had access to (on mainframe), administrative items:  people's HR info; plant drawings one might use for training or planning; accident analysis codes used both for training and for actual simulation of, say, new fuels; guides for operating various pieces of equipment.  This is like breaking into the trailer of a semi-truck and threatening to disable the engine.  It's part of the truck that was broken into, all right -- but not the cab.  Which isn't accessible via the trailer anyway.

You still guard the truck.  The WHOLE truck.

Resolution awaits

The final resolution of this act may end up taking a long time.  Attempts involving the FBI in the US and requests for help to China have resulted in scanty details as the hackers are chased across the cyber world, having expertly covered their tracks by using multiple IP addresses.  It may not be known for years -- or maybe, never known -- who actually did this, even if the organization behind it has at least been labeled ("Who Am I" in Hawaii, it's thought.) 

The key of course here is that persons should not open emails with files unless they're expecting those files.  All computers at any plant should have anti-virus running at all times, with appropriate security settings.  Those computers should be firewalled from any plant information if they're on the net. 

Hollywood - right on time, oddly, again

Now, just as this all hits the fan we see coming out a new cyber-combat-war-intrigue movie called "Blackhat," in which hackers supposedly not only hack but control and then melt down and then cause to explode (we're not yet clear on all this) a reactor or two in Taiwan.  Some details.

• There are nuclear plants in Taiwan.
• Their instrumentation and control is not on the net either.
• Unless there's a massive inside job, this isn't any more possible than in South Korea.

The ONLY way this can happen is with an inside job, and something like the whole STUXNET debacle happening.  Believe me though - those lessons were learned.

And we must remember -- the explosions that happened at Fukushima Daiichi Units 1 and 3 (and secondarily at Unit 4) were caused by hydrogen and perhaps carbon monoxide combustion as a result of the core damage to the reactors.  These were NOT explosions of the reactors - the buildings exploded because they were filled with combustible gases.

Now, no one can say that these types of events such as Fukushima Daiichi CAN'T happen (this is why we have such elaborate containment in the first place -- and note that at Three Mile Island, the same thing happened but no damage occurred because of the completely different containment building design) but we will have to wait and see what this movie is actually saying was done.

Ah, and there was that name -- Three Mile Island.  You know, the accident that occurred right around the time the movie "The China Syndrome" came out?  (Some people think this is no coincidence;  I disagree, but the timing could not have been more striking.)  Now we have this event of cyber threat and right at the same time a movie on the way about it.  Does Hollywood mirror events, or do events follow Hollywood?  Not sinister; just interesting.

Shin-Kori Units 3, 4, 5 and 6 - APR1400 type.  Courtesy KHNP

Good news

There was a piece of good news that came out of South Korea, but because of the frenzy over the hacking job, it was missed or skipped.  On December 23, KHNP submitted documents to the US Nuclear Regulatory Commission to get the Design Certification for the APR1400 moving again in the United States.  This reinvigorates a process that NRC had halted in December 2013 when it rejected the Design Certification Application from KHNP citing incomplete information.  So, as I reported earlier this year for the American Nuclear Society, it still looks as if the next design to be certified in the US will probably be the APR1400 - which will be a major feather in the cap for KHNP and is considered an icebreaker to further export of the design worldwide.

1:00 PM Eastern 12/26/2014

1 comment:

  1. I worked in food manufacturing till recently. It was simply value-adding processing of one of Australia's staple crops, at an industrial scale. The most dangerous aspect was the hazard of an unlikely ammonia refrigerant leak. But the SCADA and all plant controls were still isolated from the internet. It's pretty basic stuff.