why sheltering automated systems against cyber-attacks in the nuclear industry is not trivial
In 2008, a software virus replicating the automatic process control system (APCS) of a nuclear facility was recorded for the first time. Back then, the STUXNET worm hit the Bushehr nuclear power plant in Iran. It affected 1,368 out of 5,000 centrifuge systems at the uranium enrichment plant and upset plans for the plant’s launch. This attack demonstrated one of the downsides of automation. The more processes we delegate to a computer, the more serious the consequences in the event of a cyber attack. So what can be done to prevent exposing the safety of nuclear plants?
Cyberattack protection for nuclear plants
In 2015, developers at the National Research Nuclear University’s Moscow Engineering Physics Institute (MEPhI), Russia, created SHIELD, a system to protect the automation systems of industrial enterprises against cyber attacks. The SHIELD takes into account all features of the nuclear power plants and the process control systems installed. It surpasses similar systems in a number of ways.
First, it secures the entire automation system, regardless of the specific method the attackers use to access the automatic process control system. “Second, acting at the lower level, the SHIELD helps to achieve a high variability of the device composition and scalability, regardless of the site-specific hardware and software,” says Ilya Chugunkov, associate professor at the department of computer systems and technologies at the MEPhI Institute of Intelligent Cybernetic Systems, Moscow, Russian Federation.
What makes this solution unique is manyfold. “The SHIELD uses unique algorithms for the analysis of industrial protocols to protect against unauthorised access and undocumented features,” Chugunov adds. In particular, due to its ability to analyse industrial protocols at the signal level, the SHIELD is capable of detecting unauthorised activity for private data transmission protocols. In addition, it checks the correct operation of the process, using behavioural scenarios of the process and templates for sequences of commands. There is also a protection against unauthorised configuration changes and increases in the critical parameters of the nuclear power plant equipment.
The trouble is that nuclear plant systems are no longer isolated from the internet. The employees of nuclear plants are now routinely bringing their own devices and removable media to work. Sometimes the automatic process control system is directly connected to the internet for the convenience of monitoring, remote administration or other purposes. As a result, the number of attacks on such energy infrastructure is growing constantly, according to a report of the US Industrial Control Systems Cyber Emergency Response Team ICS-CERT.
Regardless of the risks associated with employing connected human operators, in reality, nuclear power plants cannot do without modern automation. By helping operators monitor hundreds of indicators in a semi-automatic mode, the automatic process control systems make the nuclear power plant’s operation much safer. They reduces some of the downsides associated with other human factors, such as tiredness or attention-related inefficiencies, because computers do not get tired, distracted or lazy. Furthermore, computers can react and take decisions much faster than humans. When the response time should not exceed fractions of a second, a human operator is simply incapable of replacing the computer.
Antivirus for nuclear power plants
So how do viruses operate? Having infiltrated the nuclear power plant control computers, the virus scans the nuclear power plant automation equipment, identifies the control program–the SCADA-system–reads it and then decompiles and finally makes disruptive changes and intercepts the controllers.
In the case of the Siemens SCADA-system, which was installed at the Bushehr nuclear power plant in Iran, there is an important software component, called Block 35. By interfering in the work of Block 35, the virus could easily cause a malfunction, leading to the station’s self-destruction and a man-made disaster for the whole region. Among other things, it could raise the speed of the turbine rotation to the maximum, turn off the coolant circulation system, block the plant’s safety system and knock out of service the cooling system, electricity generators or enrichment centrifuges.
PC users would be tempted to suggest that nuclear plant operators need to install anti-virus software. And they would be right, essentially. But with some reservations. Desktop viruses are often developed by lone hackers. For this purpose, they study the operating system and identify their vulnerabilities.
By contrast, to write a virus for an automatic process control system hackers need to get their hands on a complete SCADA-system. And they also need to know the layout and the range of the station controllers. Reliable information on such automated control system is only available in the equipment specifications and never publically disclosed. In addition, the criminals would need to have a very good understanding of the nuclear process. This would require highly qualified engineers and technicians with experience in working with large nuclear power plants.
All this suggests that regular anti-virus protection will not work for nuclear power plants. Indeed, it would be extremely difficult to detect threats created by a team of professionals. Unless the automated process computer system of a nuclear power plant is infected with a virus, cyber security rarely makes headline news. Let’s hope that high-quality antivirus solutions will keep cyber attacks out of the news agenda for a long time to come.
Natasha is an engineer at the Institute for Cyber-Intelligence Systems, Moscow Engineering Physics Institute, Russian Federation.
Photo credit: Jakob Madsen Satsop Nuclear Power Plant, Elma, United States