July 10, 2017

Senator Markey Queries Federal Agencies About Foreign Cyberattacks on U.S. Nuclear Power Plants

Reports indicate that foreign cyber hackers targeted nuclear plant personnel and companies that manufacture power plant control systems

Washington (July 10, 2017) – Senator Edward J. Markey, top Democrat on the International Cybersecurity Policy Subcommittee of the Foreign Relations Committee, today queried several top federal agencies about foreign cyberattacks on U.S. nuclear power plant operators. In his letter, Senator Markey asks the Defense Department, Federal Bureau of Investigation (FBI), Department of Homeland Security (DHS), Department of Energy, and Nuclear Regulatory Commission (NRC) how many nuclear plants in the United States have been affected by cyberattacks and what coordination exists between the agencies to address the threat. The Homeland Security Department and FBI recently reported that an “advanced persistent threat” actor targeted nuclear plant personnel and companies that manufacture power plant control systems.

According to The New York Times, the targets of the cyber hacking included industrial control engineers with “direct access to systems that, if damaged, could lead to an explosion, fire or a spill of dangerous material.”Bloomberg News reported that the chief suspect in these attacks was Russia, which is also suspected of disrupting energy infrastructure in Ukraine.

The Department of Homeland Security has stated that the impact of these cyber-attacks “appears to be limited to administrative and business networks.” However, there is no guarantee that malicious code could not migrate to physical control systems, and administrative and business networks could also contain information about the safety and security of nuclear plants, as well as personal information about the plant’s personnel. Malicious actors could use this sensitive data to undermine plant security.

“Given the consequences of a breach of safety at a nuclear power station – including the deliberate sabotage of the reactor core or the spent-fuel storage pool – evidence that foreign governments have targeted U.S. nuclear power stations must be treated with the utmost gravity,” writes Senator Markey. “These profound risks to public safety and U.S. national security require a robust and coordinated response across federal agencies.”

A copy of the letter, which was sent to the Defense Department, DHS, the FBI, Department of Energy, and Nuclear Regulatory Commission (NRC), can be found HERE.

In the letter, Senator Markey asks questions that include:

· Do corporate and administrative systems at nuclear plant operators contain any information that malicious actors could use to compromise the safety and security of physical systems or personnel with access to those systems?

· Within the federal government, which agency or agencies are responsible for coordinating cybersecurity at U.S. nuclear power stations?

· Given assessments of the cyber-threat to nuclear power stations, are U.S. nuclear reactor licensees devoting sufficient resources to cyber-security?

· Do the agencies have sufficient funding to address cyber-security vulnerabilities at U.S. nuclear power stations?

###