Executive Summary of “Robust Storage of Spent Nuclear Fuel: A Neglected Issue of Homeland Security”, Institute for Resource and Security Studies (January 2003) focuses on the vulnerability of irradiated fuel stored at the nation’s nuclear power stations  to terrorism and what we can do about it.

Full report of “Robust Storage of Spent Nuclear Fuel: A Neglected Issue of Homeland Security”, Institute for Resource and Security Studies (January 2003) focuses on the vulnerability of irradiated fuel stored at the nation’s nuclear power stations  to terrorism and what we can do about it.

The Federal Bureau of Investigation and the United States Department of Homeland Security are alerting US electric power generators, including nuclear power plant operators, of cyberattacks on the nation's energy infrastructure by foreign-based hackers. 

In a joint statement issued July 7, 2017, the nation's top security agencies said that they “are aware of potential cyber intrusion affecting entities in the energy sector."

The statement said that the cyberattack appears to be “limited to administrative and business networks,” but it is very likely part of an ongoing probe and broader research effort to identify vulnerabilites in cybersecurity for the electric power system including generators and the power grid.  The North American Electric Reliability Corp. (NERC), an industry regulatory group organized to assure the reliability and security of the nation's bulk power system, is reported to be aware of the intrusion and communicating through its secure network. Unnamed government authorities have identified the Wolf Creek nuclear power station in Burlington, Kansas as one of the facilities that was probed by malware embedded in MicroSoft Word documents sent as fake resumes to onsite adminstrators. While no safety systems at the nuclear power station are believed to have been threatened by this cyberattack, it remains a growing concern that this intrusion was a test run for reconnisance conducted by an adversary. 

Bloomberg News and other sources are reporting that Russian hackers are among the suspects responsible for probing the US energy facilities. 

While nuclear power station safety systems by design are more or less isolated from an external cyberattack through the internet, the vulnerability of the electric grid that intially provides 100% of all electrical power to those same safety systems is no longer a theoritical concern. The electric grid is now potentially a cyber target potentially for broader military operations or punitive measures in retaliation for some U.S. action. Nuclear power stations are designed to respond to the loss of offsite power from the grid with the automatic startup of redundant onsite emergency power systems such as diesel generators. However, prolonged or recurring offsite power outages can challenge the durability and reliability of emergency power systems. Moreover, every table top and mock security training exercise for defending a nuclear power plant from an armed assault begins with first knocking out the electric grid. Without offsite power, the backup emergency power systems become part of an onsite target set for sabotage to cause a nuclear meltdown with widespread radioactive consequences.

US Senator Edward Markey (D-MA), top Democrat on the International Cybersecurity subcommittee, has now initiated an investigation. The subcommitte sent letters to the heads of the Department of Defense, Department of Energy, Department of Homeland Security, Federal Bureau of Investigation and the Nuclear Regulatory Commission about how the US is defending its nuclear power plants from foreign attacks and threats. The subcommittee is seeking answers on the number of nuclear plants that suffered attacks, who coordinates cybersecurity for nuclear power and recommendations for improving security. Markey has requested answers by Aug. 10. 

Clearly, more needs to be done to fortify the electric grid system that nuclear power station safety systems and other power generators rely upon. Pre-attack measures could include building in more manual control of the grid and post-cyber attack measures include more sophisticated computer forensics. However, the priority must be to phase out these inherently dangerous and radiologically-enhanced targets and replace them with benign, sustainable and renewable solar and wind power generators. 

The Asbury Park Press in New Jersey published a feature story on July 13, 2017 focusing on the Oyster Creek nuclear station and the cyberattacks on US nuclear power stations.

In an article entitled "Trump Inherits a Secret Cyberwar Against North Korean Missiles," the New York Times reports: 

Last month, a report on cybervulnerabilities by the Defense Science Board, commissioned by the Pentagon during the Obama administration, warned that North Korea might acquire the ability to cripple the American power grid, and cautioned that it could never be allowed to “hold vital U.S. strike systems at risk.”

The American power grid, of course, provides the primary electricity for running safety and cooling systems at U.S. nuclear power plants, including to atomic reactors as well as high-level radioactive waste storage pools.

Although there are emergency backup diesel generators at U.S. nuclear power plants, in case the grid goes down, these too could be targeted by cyber attackers bent on causing reactor meltdowns, or storage pool fires, at U.S. nuclear power plants. In fact, EDGs at U.S. nuclear power plants have a bad reliability record, even absent an intentional cyber attack!

U.S. Sen. Ed Markey (D-MA)Begging the question "Why does NRC even exist then?!", nuclear power industry lobbyists have urged that the U.S. Nuclear Regulatory Commission relinquish legally-required, agency-conducted Force-on-Force security inspections at nuclear power plants, and instead allow the nuclear utilities simply take care of them.

U.S. Senator Ed J. Markey (Democrat-Massaschusetts), a 40-year congressional watchdog on the nuclear power industry, has pushed back strongly against this fox-guards-the-henhouse proposal.

Citing recent revelations of terrorist plots against atomic reactors in Belgium, the 9/11 Commission Report's admission that Indian Point near New York City was under consideration for attack, and the most recent security-related incident at a U.S. reactor (the illegal disabling of a security guard force weapon at Seabrook in New Hampshire), Markey -- in a letter to NRC Chairman Steve Burns -- warned that agency-conducted Force-on-Force security inspections are a legal requirement.

Markey should know -- he authored that section of the Energy Policy Act of 2005 himself!

Markey serves on the U.S. Senate committee of jurisdiction, with oversight on NRC -- Environment and Public Works. In fact, he is Ranking Member (that is, the top Democrat) on the Regulatory Oversight and Waste Management Subcommittee (high-level radioactive waste, stored on-site at atomic reactors in vulnerable indoor wet pools and outdoor dry casks, is itself a serious security risk, despite industry and NRC's attempts to deny this).

A sign of NRC staff's deep and dark cynicism, Dave Lochbaum of Union of Concerned Scientists -- at a public event near Entergy Nuclear's Palisades atomic reactor in Covert, MI in April 2013 -- mentioned that Markey's tireless efforts to hold the agency's feet to the fire, in the form of letters to the Chairman, are jokingly referred to as "Markey-grams." Ironically enough, a series of just such letters addressed Palisades itself. In fact, it was Markey who exposed a major scandal, in June 2012, involving a "crisis in the control room" at Palisades. An earlier example involved a scandalous security breach at Palisades, exposed by Esquire magazine; then-U.S. Rep. Markey was the only Member of Congress to do anything about it.

As Tweeted out by Scott Stapf of the Hastings Group:

Forbes: A #hacking breach at a #nuclear reactor could "kill millions - a cyber 9-11."

The article, entitled "Technologists and Security Experts Warn of Trump's Cybersecurity Plans," quotes a warning by David Cowan, co-founder of VeriSign:

President Trump’s deregulatory policies will jeopardize not only privacy, but also national security. Our homeland’s greatest vulnerability may well be the cyber threat to our critical infrastructure, potentially disrupting life-support services like power and water. Furthermore, a single breach of a water treatment facility, dam, or nuclear reactor can directly kill millions of people – a cyber 9-11. And yet today most of the nation’s utilities run un-patched software on industrial control systems that remain defenseless, awaiting NERC cyber regulations to kick in next year.  A four-year reprieve from these rules by Trump’s administration will expose the U.S. to a massive terrorist attack, and open the door for Russia or other nations to embed cyber bombs in our machinery for future activation. Even if the Defense Department can accurately attribute such attacks, they can only retaliate—they cannot prevent them.