Breach at US nuclear plants raises concerns in wake of Petya

The Petya (or NotPetya) malware hit numerous prominent targets last week but one famous name jumped out of the victim list with eye-scorching immediacy –  the former Ukrainian nuclear power station at Chernobyl.

For anyone old enough to remember the 1980s, the Chernobyl accident and the radiation it released in a cloud across Europe is a byword for nuclear disaster, and the human tendency to underestimate the importance of having a plan B. The area around the plant (pictured)  is still an abandoned exclusion zone, 31 years after the disaster.

The site’s still-dangerous radiation levels are now monitored on a 24×7 basis, aided by an automated measurement system that reportedly had to be turned off after Petya infected computers used to manage this process.

With unsettling symmetry, at the height of the Petya scare, industry site E&E News got wind of a breach “affecting multiple nuclear power generation sites” in the US “in recent months”.

Said E&E:

No public authorities have issued word on who may be responsible, but agencies are looking at the possibility that another country may be behind the hack.

The timeline makes the direct involvement of Petya less likely but the timing of the revelation seems like more than coincidence, as does the thematic suspicion falling on a nation state as being behind the attacks.

Reportedly, the US nuclear breach wasn’t considered serious enough to warrant the filing of a full report with the International Atomic Energy Agency (IAEA) but it did, disconcertingly, end up being given its own ominous code name, “Nuclear 17”.

And then at the end of last week the US government warned of a hacking campaign targeting the nuclear and energy sectors, with a report from Department of Homeland Security and the FBI alerting companies to a phishing campaign designed to steal credentials and get access to networks.

At the moment, little is known about the dimensions of this incident but code names for cyberattacks are never a good sign in the security sector, let alone nuclear power.

The energy sector is still digesting the significance of two attacks on Ukrainian power systems a year apart from one another in 2015 and 2016. In an earlier story covering the later incident, Naked Security noted that it’s as if Ukraine had become a laboratory for probing energy systems for weakness.

With Petya apparently centred on a Ukrainian financial software suite called MeDoc – the malware’s so-called “patient zero” – the country still seems to be a useful crucible to trial increasingly advanced forms of hacking.

Chernobyl being caught up with Petya was probably coincidental but nevertheless symbolic. That catastrophe was an accident, but the thought that someone might come back to deliberately sow mayhem in a nuclear or energy system is one the world might yet have to come to terms with.

As with Petya, and WannaCry, the private worry about Nuclear 17 is that the unfolding EternalBlue leak of alleged NSA spying tools and vulnerabilities might be feeding attacks that are starting to manifest in all sorts of sectors.