Cyber security strengthened at Kudankulam Nuclear Power Plant post attack: Dr. Jitendra Singh


The Indian Government has informed the Parliament that cyber-security has been further strengthened following the detection of malware in one of the administrative computers at the Kudankulam Nuclear Power Plant.

The news had sent triggered concern about the security of nuclear power plant. The opening day of the winter session of Indian Parliament saw several legislators seeking answers from the Minister of State for Personnel, Public Grievances and Pensions and Prime Minister’s Office Dr. Jitendra Singh.

“In respect of further strengthening of Information Security in administrative networks, various measures have been taken vis. hardening of internet and administrative intranet connectivity, restriction on removable media, blocking of websites and IPs which have been identified with malicious activity,” Dr. Singh told the Parliament.

He also informed the Members of Parliament that a malware infection was identified on Kudankulam Nuclear Power Plant administrative network. The system is used for day to day administrative activities. “The affected system contains data related to administrative function. Plant control and instrumentation system is not connected to any external network such as Intranet, Internet and administrative system. The malware infection was not able to get access to the controls of the nuclear power plant,” Dr. Singh said in a written response to a related question.

The Computer & Information Security Advisory Group of Department of Atomic Energy (CISAG-DAE) has recommended certain measures for immediate and short term implementation. Investigations were carried out by CISAG-DAE along with the national agency, Indian Computer emergency Response Tea, (CERT-In). According to the minister, the investigation concluded that the malware infection was limited to the administrative network of the Nuclear Power plant.

Dr. Singh also enumerated the cyber security arrangements in place in nuclear power plant systems. “These security measures include authorisation, authentication and access control mechanism, strict configuration control and surveillance. Additionally, these nuclear power plant systems are isolated from internet and are not accessible from administrative network,” Dr. Singh added.

The Units 1 and 2 of Kudankulam Nuclear Power plant commenced commercial operation on December 31, 2014 and March 31, 2017 respectively. Since then about 21648 and 10636 million units of electricity have been generated till October 2019 respectively. The total number of outages due to issues related to mechanical equipment since commercial operation have been 6 and 8 in Units 1 and 2 respectively.

In the recent past, an issue with KKNPP Unit-I Turbo generator bearings was faced, which was corrected and thereafter the unit is performing well at its rated power of 1000 MW. In KKNPP Unit 2 increased vibration in generator stator was observed at higher power levels. The unit is therefore presently being operated 65 per cent power. The generator stator is planned to be replaced during the next refuelling outage, which is planned from December 2019.