The firm running South Korea's nuclear plants has decided to run cyber-war drills following the leak of sensitive data and threats from unidentified hackers.
Korea Hydro and Nuclear Power Co (KHNP) has decided to run the exercises after the online leak of plant equipment designs and manuals last week.
The technical documents were dumped on social media on Friday using an account dubbed "president of the anti-nuclear reactor group”.
The leak of blueprints was the latest in a series of postings that have previously featured air conditioning and cooling systems schematics, a radiation exposure report, and personal data of employees.
Lee Kwan-sup, South Korea's vice minister of trade, industry and energy, admitted the leaks appeared to be genuine documents related to the Gori and Wolsong nuclear power plants, but said they included only “general and unclassified information”.
He stressed that the country's nuclear reactors remain safe from serious harm despite the leaks, South Korea's Yonhap news agency reports.
Hackers warned darkly that the public should "stay away" from three KHNP-run nuclear reaction over Christmas unless they were closed before the holiday season, the BBC reports.
KHNP - the sole nuclear operator in South Korea and operator of 23 plants supplying just under a third of the country’s electricity, part of Korea Electric Power Corp - stresses that the leaked manuals posed no danger to the safety of its reactors.
As there’s no evidence otherwise, the decision to run a cyber security exercise has to be viewed in the context of heightened tensions over the Sony Pictures hack, which the US government blames on North Korea.
In the meantime, KHNP plans to run a “series of large-scale drills at four nuclear power plant complexes” on Monday and Tuesday. KHNP said it was “training staff using simulations of cyber attacks”, World Nuclear News adds.
Tony Burton, director of protection Systems at Thales UK, commented: “The data leak and threats made to KHNP demonstrate the significant threat that cyber attacks pose to the nuclear industry and wider Critical National Infrastructure (CNI). This data leak serves to demonstrate the challenges of making CNI secure against modern and rapidly evolving threats, particularly where ageing technology and infrastructure is being exposed.”
Staff at the Korean nuclear plant are likely to have their work cut out applying an industry-approved cyber-incident response strategy, Burton added.
“As for KHNP itself, we have to remain confident that measures were taken to contain the incident as soon as it was identified. Guidance for this type of breach suggests the response time should be within four hours, with detailed investigations initiated within two days to contain the incident, stop it spreading, forensically identify the source, and eradicate the incident and any chance of recurrence,” he added.
El Reg put a query about the rationale for the tests, as well as a question on whether or not the hack against the utility might be linked to the attack against Sony Pictures, to the relevant bodies.
We’re yet to hear back but will update this story as and when we learn more.
North Korea has repeatedly been blamed for hacks and malware-based attacks on it southern neighbours, such as the so-called Dark Seoul attacks against banks and broadcasters last year.
In hopefully unrelated news, recently declassified US Defense Intelligence Agency intel warned that North Korea planned attacks on US nuclear plants in the 1990s using covert commando teams, Fox News reports. ®