Kudankulam cyberattack no threat to plant operations, minister confirms

22 November 2019

Indian Minister of State Jitendra Singh confirmed to the country's parliament this week that a cyberattack discovered in September at the Kudankulam nuclear power plant had been limited to the plant's administrative network.

Jitendra Singh addressing the Lok Sabha (Image: @DrJitendraSingh/Lok Sabha TV))

In answer to a written question in the Lok Sabha on 20 November, Singh said the internet-connected network where the malware infection had been found was used to manage day-to-day administrative activities at the plant. The plant's control and instrumentation system is not connected to any external network including the internet, intranet and the administrative system.

"India's nuclear plants are safe and it is the responsibility of all to undertake a mass awareness campaign to allay public apprehensions about alleged hazardous effects," Singh tweeted.

Plant operator Nuclear Power Corporation of India Ltd (NPCIL) said on 30 October that investigations had begun immediately after CERT-In discovered the malware on 4 September and that plant systems had not been affected. Investigations by the Department of Atomic Energy's Computer and Information Security Advisory Group and the Indian Computer Emergency Response Team (CERT-In) - a national agency for responding to computer security incidents - had concluded the infection was limited to the power plant's administrative network.

Kudankulam, in Tamil Nadu, is home to two operating AES-92 VVER reactors supplied by Rosatom subsidiary Atomstroyexport, built by NPCIL and commissioned and operated by NPCIL under International Atomic Energy Agency safeguards. Two further AES-92 units are under construction at the site, and are scheduled to enter commercial operation in 2025 and 2026, respectively.

Researched and written by World Nuclear News