NPCIL admits malware attack at Kudankulam plant, but systems not affected

New Delhi: The NPCIL on Wednesday admitted to a malware attack on one of the computers in Kudankualm Nuclear Power Plant, a day after the plant authorities had asserted that cyberattacks on its systems are not possible.

The Nuclear Power Corporation of India (NPCIL), a public sector undertaking under the Department of Atomic Energy, however, added that the plant systems were not affected.

"Identification of malware in NPCIL system is correct. The matter was conveyed by CERT-In (Computer emergency response team) when it was noticed by them on September 4, 2019," it said.

The matter was investigated immediately by experts of the Department of Atomic Energy which revealed that the infected computer belonged to a user who was connected in the internet network used for administrative purposes.

"This is isolated from the critical internal network. The networks are being continuously monitored. Investigations also confirm that the plant systems are not affected," the statement added.

On Tuesday, Kudankulam nuclear power plant had allayed fears of a cyber attack on its systems after reports emerged that it had become a victim of a cyber attack.

KKNPP training superintendent and information officer R Ramdoss said reports in the social media about cyberattacks were false and clarified that KKNPP and the other nuclear power plants' control systems were 'standalone' and not connected to any cyber networks outside or the internet.

The KKNPP is an Indo-Russian joint venture and Units I and II of 1000 MWe capacity each and they have commenced commercial operations while Units III to VI is under construction.

The attack also refreshed the memories of a virus attack on an Iranian nuclear facility.

Last year, Iran's Natanz nuclear site uranium enrichment facility came under attack from the Stuxnet virus, which it blamed on Israel. It also believed that Stuxnet probably arrived at the nuclear facility on an infected pen drive.

R K Sinha, former secretary of the Department of Atomic Energy (DAE) under whom KKNPP Unit I was connected to the grid, said the systems involved in operating of the plant are completely independent and are never connected to any other system or the internet.

So the possibility of a cyberattack on the systems involved in operating the plant is not possible, he added.

The comments posted here/below/in the given space are not on behalf of Onmanorama. The person posting the comment will be in sole ownership of its responsibility. According to the central government's IT rules, obscene or offensive statement made against a person, religion, community or nation is a punishable offense, and legal action would be taken against people who indulge in such activities.