Indian nuclear plants face cyber security breach

Indian nuclear establishment have set rigorous procedure for design, development and operation of the systems used in its installations. The safety and security critical systems are designed and developed in-house using custom built hardware and software which are subjected to regulatory verification and validation, thereby making them resistant to cyber security threats.Critical infrastructure of nuclear power plant establishment is isolated from Internet and access to such systems is restricted to authorized personnel and is closely monitored. The Department of Atomic Energy (DAE) has specialist groups viz. Computer and Information Security Advisory Group (CISAG) and Task force for Instrumentation and Control Security (TAFICS) to look after cyber security/information security of NPCIL among other constituent units of DAE, including regular cyber security audit. Several measures have also been taken for further strengthening of Information Security in nuclear power plants viz. hardening of internet and administrative intranet connectivity, restriction on removable media, blocking of websites & IPs.

The cyber security infrastructure in DAE’s facilities/plants follow design principles and guidelines setup by DAE CISAG and India’s central cyber security agencies such as CERT-IN. On the plant side, all computer-based systems are based on standards and guidelines formulated by Atomic Energy Regulatory Board and TAFICS which are ultimately derived in large part based on standards established by International Atomic Energy Agency (IAEA).

CT Bureau