Sensitive information available to hackers


Mohammad Jamiul

According to a very recent report on hacking of India’s nuclear information, ‘the Economist’ wrote: “In the first half of this year, no country endured more cyber-attacks on its Internet of Things—the web of internet-connected devices and infrastructure—than India did. So asserts Subex, an Indian telecommunications firm, which produces regular reports on cyber-security. Between April and June alone, it said, recorded cyber-attacks jumped by 22%, with 2,550 unique samples of malware discovered. Some of that malicious code is turning up in hair-raising places”. After the news in international media that Indian nuclear power plant suffered a cyber attack, the questions are being raised whether Indian nukes are in safe hands? The Nuclear Power Corporation of India Limited (NPCIL) has now confirmed that there was a cyber attack on the Kudankulam Nuclear Power Plant (KKNPP) in Tamil Nadu, India, in September.
The management claimed that the nuclear power plant’s administrative network was breached in the attack, but did not cause any critical damage. KKNPP plant officials had initially denied suffering an attack and officially stated that KKNPP and other Indian nuclear power plants are not connected to outside cyber network and internet. Thus, any cyber attack on the Nuclear Power Plant Control System is not possible. The KKNPP is the biggest nuclear power plant in India, equipped with two Russian-designed and supplied VVER pressurized water reactors with a capacity of 1,000 megawatts each. Both reactor units feed India’s southern power grid. The plant is adding four more reactor units of the same capacity, making the Kudankulam Nuclear Power Plant one of the largest collaborations between India and Russia.
On 28th October, reports indicated that malware had been found on the computer systems of Kudankulam Nuclear Power Plant in Tamil Nadu. Pukhraj Singh, a cybersecurity researcher who formerly worked for the National Technical Research Organisation (NTRO), India’s signals-intelligence agency, said he was informed of the malware by an undisclosed third party in September, and notified the government. The attackers, he said, had acquired high-level access and struck “extremely mission-critical targets”. But there is more to that. There is a largely ignored history of Indian illegal nuclear procurement, poor nuclear export controls and mismanagement of nuclear facilities. For instance, India had diverted Canadian-supplied fuel for research and generating power to make nuclear weapons, and the first test was conducted in 1974, and of course 5 tests in 1998 to which Pakistan had responded with six nuclear tests.
As regards the safety of Indian nuclear program, there are numerous hazardous nuclear installations in India India that could lead to major disaster adversely impacting the lives of large populations around these facilities. According to an Australian newspaper (The Age), there is no national policy in India on nuclear and radiation safety. Despite all this, India has never made an effort to adopt world standards and best practices for nuclear safety. Radioactive waste disposal in Indian rivers is an undocumented environmental tragedy in India. Nuclear facilities in India are on coastlines exposed to natural disasters like the monstrous tsunami of 2004. Beside the damage to the environment, there are numerous cases where workers were exposed to high radiation doses. There were 350 documented cases of radiation exposure that were reported at Tarapur up to 2016, which is India’s first nuclear station.
There are a large number nuclear security issues in India because it is prone to insurgent groups and separatist rebels. According to the Daily Mail’s reports, most of India’s top nuclear facilities are located in exceedingly Naxal terrorist struck districts of India or in the “Red Corridor”. Some of the sensitive nuclear installations situated in this “Red Corridor” are, Uranium Corporation of India Limited, Talcher Heavy Water Plant, Institute of Physics, Ceramatic Fuel Fabrication Facility, Nuclear Fuel Complex, Seha Institute of Nuclear Physics, Atomic Minerals Directorate and many more. Around 90% of the Red Corridor areas are a ‘No Go Zones’ for the Indian army and Air Force personnel. In has to be mentioned that there is no writ of the Indian government in Naxal controlled areas. The shocking aspect of Daily Mail’s report is that some Indian nuclear scientists are reportedly assisting Naxal rebels to learn to utilise and transport uranium.
There have been reported cases of the abduction of nuclear scientists from these areas, which is a very disturbing situation with respect to the safety and security of nuclear weapons. The Indian government needs to take concrete and verifiable steps to ensure the safety and security of their nukes. In 2016, an independent US report had declared the Indian nuclear program not only unsafe but also called for a satisfactory international oversight. The report by the Belfer Center at the Harvard Kennedy School identified problems arising from the gaps in the commitments that India made after the nuclear deal with the US, and focused on India’s separation plan, its Safeguards Agreement and Additional Protocol. The authors of the report titled ‘The Three Overlapping Streams of India’s Nuclear Programs further highlighted that Pakistan had a reason to be concerned that India could use its unsafeguarded portions for boosting its nuclear weapon system.