Cyber war "smoke" | India’s nuclear power plant was attacked by cyber attacks, and mankind faced new nuclear risks.

2025年7月26日 | admin | B2

Indian officials admitted that the computer network of the largest Kudankulam nuclear power plant was attacked from outside in October. The nuclear power plant is mainly designed and supplied by Russia with reactor units to provide electricity for the southern power grid of India. This nuclear power plant has become one of the largest cooperation projects between India and Russia.

According to the American Bulletin of Atomic Scientists, although the reactor operation of Kudankulam nuclear power plant has not been affected, this incident once again warns that the two biggest security risks of human society, namely cyber attacks and nuclear deterrence, are in a dangerous "collision", and its serious consequences may completely turn into uncontrollable man-made disasters.

Kudankulam nuclear power plant 

There have been more than 20 cyber attacks on nuclear facilities in the past 30 years.

The cyber attack on India’s nuclear power plant naturally reminds people of the past when Iran’s nuclear power plant was attacked by the "Shenzhen" virus in 2010, resulting in the paralysis of more than 1,000 centrifuges. In fact, the incidents of cyber attacks on nuclear power plants continue.

According to media reports, there have been more than 20 known cyber attacks against nuclear facilities since 1990. These incidents include malicious intrusions caused by software vulnerabilities and test updates. Although compared with the "Shenzhen" virus incident, these are not well known, but it also clearly shows that nuclear facilities can no longer be spared from cyber attacks. Cyber attacks on nuclear power plants may lead to great disasters and should be highly valued.

For all this, the initiator of cyber warfare and nuclear weapons, the clearer the result, the more fearful the psychology. The United States has regarded cyber attacks as the primary threat beyond terrorism. As early as 2009, after Obama, the "cyber president", took office, he immediately launched a 60-day cyberspace security assessment, and immediately took cyber security, nuclear security and combating terrorism as a "trinity" national strategy. Former US National Intelligence Director and Admiral Mike McConnell once pointed out that "terrorist organizations will master complex network technologies sooner or later, just like nuclear proliferation, but it is easier for them to achieve."

Informatization is a "double-edged sword", which is a golden opportunity and contains unprecedented risks. As the digitalization of nuclear reactor instruments and control systems increases, the possibility of harm caused by malicious and unexpected network attacks is also increasing. At the same time, according to a report published by Chatham House, a British think tank, in 2015, network security is a common shortcoming in the nuclear power industry, which runs through management, training and user behavior. Both natural loopholes and man-made defects may become convenient doors for cyber attacks and directly ignite the fuse of nuclear facilities out of control.

The consequences may be as the then US Secretary of Defense Panetta warned on October 11, 2012, "Cyber attacks can destroy the operation of passenger trains, pollute water supply or shut down most of the electricity supply in the United States, which can be the online version of Pearl Harbor incident, causing a lot of physical damage and casualties, paralyzing daily operations, shocking people and creating new fears."

The accident at Chernobyl nuclear power plant left a deep impression on the world.  

Indian nuclear power plant or infected with Trojan virus

The malware infected in the intranet of India’s nuclear power plant is said to have been developed by a hacker organization in a certain country and belongs to the variant of backdoor Trojan horse. Its functions include stealing keyboard records of devices, retrieving browser history records, and listing running processes, etc. It does not seem to be a malicious direct destructive virus. But not coincidentally, just a few days before the media reported the cyber attack, the nuclear power plant unexpectedly shut down a reactor. Although the relevant institutions strongly deny that the incident is related to the invasion of malicious software, the consequences of the network attack on the power grid are likely to be unpredictable and more difficult to control.

The thrilling collapse of Ukrainian power grid in the cold winter of 2015 was considered by Russian hackers. In March this year, Venezuela’s national power grid was paralyzed in a large area, and its president and information minister called it a cyber war carefully planned by the United States. In June this year, the suspense of multi-country power grid paralysis in South America, Russian experts must be American cyber warfare exercises, in an attempt to trigger social unrest in the region. In fact, including the rumors of American officials that their cyber forces preset malicious code in the Russian power grid, there is a shadow of "undeclared war" behind them, which represents a new invasion mode that can quietly cause large-scale damage; Even more, the fear of "cutting the bottom of the pot" is enough to destroy the electric energy that modern society depends on and cause the paralysis of the whole society.

Besides, the terrorists haven’t stopped thinking for a moment. The demonstration effect of the network power makes the terrorists’ hearts beat faster, and it is very likely that they will finally master the advanced cyber attack technology. The world has long been alert to this. On December 17, 2013, the United Nations Security Council unanimously adopted Resolution 2129, explicitly cracking down on the use of the Internet to commit terrorist acts. However, at present, cyber terrorism is only in the initial stage of development, that is, using the network for mobilization, publicity, series connection, fund-raising and other activities. Once terrorists master the leading technology of cyber attacks, it is entirely possible to cause heavy casualties. This is the "cyber 911" or "cyber Pearl Harbor" incident that senior American officials have been warning about.

In recent years, the US military and intelligence departments have vigorously developed cyber attack weapons, which has increased the risk of the proliferation of cyber weapons.

Be wary of the integration of cyber attacks with nuclear disasters and terrorism.

The United States regards cyber security, nuclear deterrence and counter-terrorism as a "trinity" national strategy, but the result is not satisfactory, but there are bad signs of the convergence of the three major risks. Although there are many reasons for this, the "law of the jungle", double standards and hegemonic thinking that it has been pursuing are hard to escape. From the "Shenzhen" virus to the release of the "eternal blue" weapon, it undoubtedly gives terrorists technical guidance and demonstration effect, and combating cyber terrorism has become a common difficulty for human society. To find a solution, we should not only devote ourselves to the difficult process of destroying nuclear weapons, but also strictly control the uncontrolled implementation of cyber attacks and prevent the creation of a breeding ground for terrorism.

Regarding the lessons that should be learned from the cyber attack on India’s nuclear power plant, the focus is on safety culture. The Hague Communiqué in 2014 also listed nuclear safety culture as the first of the three pillars of nuclear safety. The Nuclear Regulatory Commission (NRC) of the United States has put forward guidelines to its operators for human resources development and performance evaluation to improve the network security of nuclear power plants. The National Nuclear Military Administration (NNSA) of the United States has incorporated network security into its security assessment, technical exchange and training plan. The United States has also cooperated with the International Atomic Energy Agency (IAEA) to develop a network security training course for nuclear power plant operators; The International Atomic Energy Agency has also published a technical guide on computer security, and has also held a network security course for nuclear power plant operators for the first time. Organizations such as the World Nuclear Safety Association and the World Association of Nuclear Operators can also share information on best practices.

Despite such efforts, it is not enough. Although the lack of safety culture needs to be solved urgently, the harm of jungle culture is even greater, which is the real catalyst for the integration of cyber attacks, nuclear disasters and terrorism. The nuclear explosion in Hiroshima and Nagasaki in 1945 should not be forgotten. In 1986, the Chernobyl nuclear power plant exploded, and the radiation pollution was 100 times that of the atomic bomb explosion in Hiroshima, Japan. The Fukushima incident in 2011 shocked the whole world, and more than 200,000 people were directly implicated. Eight years later, the impact has not been completely eliminated.

To this end, in the face of cyber attacks on India’s nuclear facilities and concerns about cyber terrorism, we need to warn again: First, cyberspace is interconnected, and no one can be immune to it. The shortcomings of others may be the springboard to attack you; Second, cyber attacks on nuclear facilities are fundamentally different from those in Hiroshima and Nagasaki, and it is impossible to enjoy the fruits of nuclear deterrence without suffering from nuclear explosions after dropping nuclear bombs; Third, human society must abandon the "jungle law" and firmly establish a new culture of "cyberspace destiny community" in order to make cyberspace a common well-being.

(The author is the executive deputy director of the Anti-Terrorism and Cyber Security Governance Committee of the China Police Law Research Association)