Guest column: Nuclear power plants protected from hackers

Is hacking nuclear power plants something we should be afraid of?

No. Nuclear plants are still mostly analog and not connected to the Internet. On purpose.

Hackers have been penetrating the computer networks of companies that operate nuclear power stations and other energy facilities, as well as manufacturing plants. A joint report from the Department of Homeland Security and the FBI suggests many of the hackers are backed by governments like Russia and China.

America’s nuclear plants, like our own Columbia Generating Station here in Richland, are one of the best protected of all systems from cyber threats. They are truly operational islands wholly disconnected from the Internet, so hackers can’t affect plant operations, safety and control systems, or other vital plant components.

They can hack some business, personnel and other non-essential files, which may be embarrassing and costly, but not dangerous.

Unlike other industries, the nuclear power industry conducts regular briefings, and receives quarterly classified briefings on cyber and physical threats, with the FBI and DHS to discuss and strategize on threat assessments, and to maintain situational awareness.

So far, no reactors operating in the United States have been affected by hacking.

The nuclear industry does not use firewalls to isolate these systems — that’s not good enough. Much of this is classified, but the plants use hardware-based data diode technologies developed for high assurance environments, like the DOD. Data diodes allow information to be sent out, like operational and monitoring data, but ensure that information cannot flow back into the plant.

Updating software and equipment using portable devices have strict restrictions. Outside laptops and thumb drives cannot be used without serious scrubbing, if at all.

“United States utilities with nuclear assets have very robust cyber security programs dating back to the days of Y2K,” says David Blee, executive director of the U.S. National Nuclear Infrastructure Council.

As a case in point, in 2014, an actual anti-nuclear group began releasing information it had hacked from a South Korean company that operates several nuclear power plants, demanding that the company take their nuclear plants offline by Christmas. Or else!

The only problem is there was nothing important hacked at the plant so their threats were toothless.

Since Russia’s hacking of our 2016 elections came to light, it seems that hacking has become the normal daily occurrence in our Brave New World. Global ransomware attacks are becoming common. Hacking cost the world over $450 billion in 2016, and attacks occur in over 150 countries.

Unfortunately, the global Internet is still developing its immune system. Google’s Project Zero has formed an elite cyber SWAT team that cruises the net like white blood cells.

But nuclear is fine. Like sharks, nuclear has an immune system from the analog age.

New nuclear plant designs, like NuScale Power in Oregon, have more digital systems than existing reactors, but the protective approach of isolating systems is essentially the same — maintain robust network isolation. NuScale’s platform even has non-microprocessor systems — they do not use software and are not vulnerable to Internet cyber-attacks.

So don’t spend sleepless nights worrying about hacking of our nuclear power plants.

It’s the hacking of our democracy that keeps me up at night.

This story was originally published July 22, 2017 at 11:01 AM with the headline "Guest column: Nuclear power plants protected from hackers."