Reuters News recently reported that a major utility had been the target of hackers and that inroads had been made into the utilities control system network. According to Reuters the sophisticated group of hackers had compromised the network, but there did not appear to be any evidence that operations at the utility were at all affected.
Early investigation seems to indicate that a ‘brute force’ attack was used to gain entry via the Internet through a portal that employees had been utilizing. A simple password was used by employees to enter the system and this was where the vulnerability was discovered by hackers and exploited. In another incident, the Department of Homeland Security (DHS) reported that hackers had gained control over what was termed a ‘mechanical device’ for an extended period of time, but did not attempt to exploit their control for malicious purposes.
This recent attack, one of many over the past year alone, highlights the importance of cyber security in the nuclear industry. Our systems are becoming increasingly complex and hackers increasingly competent in their attacks. Security managers need to ensure that their networks are constantly updated and reviewed, sensitive systems remain isolated, and employees schooled in the dangers of social engineering. The issue of cyber security at our nuclear stations is far too important to let slip into mediocrity.