2 July 2017
The short post ‘New Ransomware Crippling Chernobyl Sensors’ published on 28 June 2017 by Jack Laidlaw at HACKADAY deeply frightened me. I was relieved to read, that no Industrial Control Systems (ICS) were affected.
The following press statement was published at the Power Plant’s homepage:
As of 27.06.2017 due to the cyber attack: the SSE ChNPP’s official website was not accessible, servers for controlling the local area network and auxiliary systems of SSE ChNPP information resources (mail server, file-sharing servers, Internet resources’ access server, electronic document flow system server) were switched off. There was partial failure in operation of personal computers of workplaces of operators of individual radiation monitoring systems without loss of the control function as a whole.
From the recent cyber-attacks on industrial systems we know, that the attacks always start in the office network of a production site. Once an office computer is hijacked, the cyber criminals use it as a base to further probing the network until they find a weakness in the network configuration which allows them to attack the production network.
Thus, we should not take this matter lightly. In my opinion, the production network of nuclear power plants must be fully isolated from the office network, and the internet. Period.
Have a good week.