IAEA Chief: Nuclear Power Plant Was Disrupted by Cyberattack

BERLIN (Reuters) —
Director General of the International Atomic Energy Agency, IAEA, Yukiya Amano from Japan speaks during an interview with the Associated Press in Vienna, Austria, Tuesday. Amano said that his experts will have the right to push for access to Iranian military sites under an envisaged nuclear agreement between Tehran and six world powers. (AP Photo/Ronald Zak)
Director General of the IAEA Yukiya Amano. (AP Photo/Ronald Zak)

A nuclear power plant became the target of a disruptive cyberattack two to three years ago, and there is a serious threat of terror attacks on such plants, the head of the United Nations nuclear watchdog said on Monday.

International Atomic Energy Agency (IAEA) Director Yukiya Amano also cited a case in which an individual tried to smuggle a small amount of highly enriched uranium about four years ago that could have been used to build a so-called “dirty bomb.”

“This is not an imaginary risk,” Amano told Reuters and a German newspaper during a visit to Germany that included a meeting with Foreign Minister Frank-Walter Steinmeier.

“This issue of cyberattacks on nuclear-related facilities or activities should be taken very seriously. We never know if we know everything or if it’s the tip of the iceberg.”

Amano declined to give details of either incident, but said the cyberattack had caused “some disruption” at the plant, although it did not prove to be very serious since the plant did not have to shut down its operations. He said he had not previously discussed the cyberattack in public.

“This actually happened and it caused some problems,” he said, adding that while the plant did not have to shut down, it “needed to take some precautionary measures.”

He said the attack was disruptive, not destructive.

Concerns about cyberattacks on nuclear sites have grown in recent years after the emergence of computer malware that can be used to attack industrial controls. The issue flared again after Belgian media reported that the suicide bombers who killed 32 people in Brussels on March 22 originally looked into attacking a nuclear installation.

Korea Hydro & Nuclear Power Co Ltd, which operates 23 nuclear reactors in South Korea, said in 2014 it was beefing up cybersecurity after noncritical data was stolen from its computer systems, although reactor operations were not at risk.

In April, German utility RWE increased its security after its Gundremmingen nuclear power plant was found to be infected with computer viruses. The company said they did not appear to have posed a threat to operations.

Security experts say blowing up a nuclear reactor is beyond the skills of militant groups, but the nuclear industry has some vulnerabilities that could be exploited.

Amano said the U.N. agency was helping countries increase cyber and overall nuclear security through training and a detailed database that included information from 131 countries, and by providing them with radiation detection devices.

Since 2010, the IAEA said it had trained over 10,000 people in nuclear security, including police and border guards, and has given countries more than 3,000 mobile phone-sized instruments for detecting nuclear and other radioactive material.

Amano flagged the issue at an IAEA cybersecurity conference in June 2015, and said it will be key topic at a broader nuclear security summit in Vienna in December.

To Read The Full Story

Are you already a subscriber?
Click to log in!