Chennai: Weeks after Kudankulam Nuclear Power Plant authorities sought to deny a cyberattack on its systems and Nuclear Power Corporation of India sought to downplay it, the Central Government confirmed there was indeed a malware attack in the “NPCIL KKNPP Internet connected system”.
Five Lok Sabha MPs including Nationalist Congress Party's Supriya Sule had raised the issue in Parliament urging the PM to clarify on the malware infection and steps taken to investigate the issue as well as ensure safety of nuclear plants in the country.
Responding to a series of questions, Jitendra Singh, Minister of State in the Prime Minister's Office, said, “A malware infection was identified in NPCIL KKNPP Internet connected system.
The malware infection was identified on KKNPP administrative network used for day-to-day administrative activities. The affected system contains data related to administrative function.”
However, he added that plant control and instrumentation system is not connected to any external network such as Intranet, Internet and administrative system.
“The plant systems, which are isolated and not accessible from this administrative network, were not affected. Thus there was no risk to the nuclear power plant at all,” he asserted.
Investigations have been carried out by the Computer & Information Security Advisory Group (CISAG) – DAE along with the national agency, Indian Computer Emergency Response Team (CERT-In).
“The investigations concluded that the malware infection was limited to Administrative network of KKNPP,” he said. According to him, in nuclear power plant systems, security arrangements are in place which secure the plant from cyber-attack.
These security measures include authorisation, authentication and access control mechanisms, strict configuration control and surveillance. Additionally, these plant systems are isolated from internet and are not accessible from administrative network.