Photo Illustration by Emil Lendof/The Daily Beast

Journalist Ted Koppel, formerly with ABC News, recently published a book warning about cyber-attacks on the electric grid.

It may have just happened for the first time that can be proven.

This article by Shane Harris in the Daily Beast cites numerous government and industry cyber-security experts, who warn that an electricity outage in western Ukraine that took place just before Christmas could have been caused by an intentional cyber-attack. If it was, this would be the first time such a cyber-attack on the electric grid caused an electricity outage, anywhere in the world, the article reports.

And to add to the concern, there is conjecture that the Russian government may have been behind the attack, or at least approving of it.

The attacks raise concerns about the vulnerability of the U.S. electric grid to a similar cyber-attack. As reported by the article:

The attack in Ukraine could be a bad omen for the U.S. power grid. Malicious software that was found on the networks of the [Ukrainian electric] company, Prykarpattyaoblenergo, was also used in a campaign targeting power facilities in the U.S. in 2014. It caused no damage but it set off alarms across the security and intelligence agencies.

At the time, the Homeland Security Department warned companies about the malware, known as BlackEnergy, which it said had been used in a hacking campaign that “comprised numerous industrial control systems environments…”

Industrial control systems are used to regulate the flow of electricity and to remotely control critical systems at power facilities. Security experts have warned for years that they could be commandeered via the Internet and give a hacker the ability to turn off electricity to whole cities.

Of course, the loss of electricity from the grid to nuclear power plants could begin a descent into chaos that ends in catastrophic radioactivity releases. The alternating current (AC) from the electric grid is the primary source of power to run safety and cooling systems at atomic reactors, as well as their adjacent high-level radioactive waste storage pools.

If the grid is lost, nuclear power plants do have back up emergency diesel generators (EDGs). However, these too could be cyber-hacked and rendered dysfunctional. In addition, the article mentions that cyber-attacks could lead to weeks or even months of blackout. Diesel fuel supplies to run EDGs at nuclear power plants are measured in days, not months.

A cyber-attack on the Ukrainian electric grid is especially troubling, considering that Ukraine has 15 operational atomic reactors.

And Caroline Baylon et al. at Chatham House in the U.K. have published a report, Cyber Security at Civil Nuclear Facilities: Understanding the Risks.

Update on January 8, 2016 by admin

As reported by Tracy Staedter at Discovery.com, "Ukraine Power Grid Hack Could Happen in U.S."

Update on January 10, 2016 by admin

Jeremy Kirk at NetworkWorld has reported that "Malware alone didn't cause Ukraine power station outage: The attackers manually intervened to open breakers that caused power outages."

Update on January 11, 2016 by admin

As reported by Jeremy Kirk at NetworkWorld: "Russian group suspected to be linked to Ukraine power station cyberattack."

That is the online title of an op-ed by Ted Koppel appearing in the Washington Post (the hardcopy headline reads "Before the cyber-blackout"). Koppel, best known for hosting the ABC news program “Nightline” from 1980 to 2005, is the author of the new book, Lights Out: A Cyberattack, a Nation Unprepared, Surviving the Aftermath.

The op-ed raises the specter of a power outage lasting not hours, or days, but weeks, or months, due to a coordinated cyber-attack on the vulnerable U.S. electricity grid.

But the op-ed does not address what this would mean at the 100 still operating atomic reactors across the country, and even at the numerous atomic reactors permanently shutdown. Even if operating atomic reactors were able to power down and shutdown safely during a power outage, their thermally hot cores would still have to be cooled for several days before cold shutdown was reached.

After all, the three operating reactors at Fukushima Daiichi, Japan did successfully SCRAM the moment the 9.0 earthquake struck on 3/11/11. It was the inability to cool the cores in the following days, due to the loss of the electric grid and the backup emergency diesel generators (EDGs) that led to the triple-meltdown.

This is the cautionary tale for a massive cyber-attack on the U.S. electric grid, vis a vis nuclear power plants. The hot cores would need to be cooled for at least several days, if not longer, before cold shutdown was achieved. But so too would high-level radioactive waste storage pools, even at atomic reactors that have been long permanently shutdown.

For hot reactor cores, this means EDGs would have to take the place of the electric grid, as the source of power to run the safety and cooling systems, for days or longer. But only so much diesel fuel is required to be stored on-site at reactors, as little as days' worth. The mass societal disruption caused by a widespread power outage would make diesel fuel re-supply to atomic reactors difficult to impossible.

This could make harrowing decisions necessary. For example, during the aftermath of Hurricane Andrew in 1992, diesel fuel supplies for EDGs at area hospitals had to be re-directed to the Turkey Point nuclear power plant, to keep EDGs running there. Thus, electricity at hospitals, in the aftermath of a major hurricane, was deemed secondary, as the priority had to be preventing a meltdown at an atomic reactor.

In the case of high-level radioactive waste storage pools, at both still operating reactors, as well as long permanently shutdown ones, the emergency would be initially complicated by the inexplicable fact that the Nuclear Regulatory Commission (NRC) does not require pools to be connected to EDGs in the first place. The power to run the safety and cooling systems on pools is entirely reliant on the electric grid. Thus, if the grid is lost, the pools will be entirely without electricity -- unless and until, in an ad hoc fashion, EDGs can quickly be connected to the pools.

Cooling thermally hot reactor cores invovles a much shorter fuse than cooling pools. The former allows only hours without cooling, before meltdown begins. But even the longer fuse with pools -- days or even weeks before pool water boils off, all the way down to the tops of the irradiated fuel assemblies stored in the bottom of the pool, under tens of feet of water, could be implicated. After all, Koppel warns that the cyber-attack on the electric grid could result in not hours or days of power outage, but weeks or months.

Again, at Fukushima Daiichi, it took 10 days just to restore the lights in a single control room. It took much longer to re-establish stable cooling water supplies to the melted down reactor units, as well as to the high-level radioactive waste storage pools. And that involved an albeit massive one-two punch of natural disasters, earthquake and tsunami, not an intentional attack.

An ironic image accompanied Koppel's op-ed, showing the Empire State Building towering over the skyline of a blackout-darkened New York City just before dawn in August 2003 (photo by George Widman/Associated Press, see above). The August 2003 Northeast Blackout was the second largest in history, affecting more than 50 million people in the northeast U.S., as well as Canada. A couple dozen atomic reactors in both countries had to power down and rely on EDGs to cool their still thermally hot shutdown cores, as a safety precaution, due to the instability of the electric grid. Ironically enough, that power outage was not due to a cyber-attack, but rather to a tree branch, touching a power line, in northwest Ohio. FirstEnergy Nuclear Operating Company (FENOC) was in the process of hemorrhaging $600 million due to its Hole-in-the-Head fiasco at the Davis-Besse atomic reactor. The replacement reactor lid for its dangerously corroded one, along with the replacement power costs and even NRC and Department of Justice fines, meant FENOC didn't have the money to pay for tree-trimming in its service area. But, conveniently for FENOC and the nuclear power industry, those devilishly detailed dots rarely to never get connected to the Northeast Blackout of August 2003.

As reported by John Bryk at NetworkWorld, in an article entitled "Non-technical manager’s guide to protecting energy ICS/SCADA":

Sophisticated cyber-attacks known as Advanced Persistent Threats (APT) are a growing challenge to the energy sector of our nation’s critical infrastructure. These attacks can largely be attributed to well-funded, dedicated nation-state actors.

APT attacks against Industrial Control Systems (ICS) and to Supervisory Control and Data Acquisition (SCADA) systems are increasing; the U.S. Department of Homeland Security (DHS) Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) cited ICS/SCADA and control system networks as one of the top two targets for hackers and viruses. These vulnerabilities begin with the human interface (13% of vulnerabilities required local access) and end with the actual Internet-facing ICS/SCADA hardware (87% of vulnerabilities are web-accessible).

There is a firm business argument that support the protection of ICS/ SCADA. Without proper safeguards in place, continued APT attacks will cause disruption, degradation, disability, and possible destruction of costly and/or irreplacible Energy Sector equipment and facilities. The economic impact to energy companies would be minor in comparison to the impact of a loss of electricity, natural gas, and petroleum throughout the United States. It is in the best interest of both Energy Sector companies and the Nation to immediately plan, fund, and effectively secure ICS/SCADA from front-to-back.

The article concludes with a "Call to Action," stating:

It is not unusual for energy sector partners to experience multiple millions of probes or attacks in a single day. One electrical producer reported 17.8 million occurrences in a 24-hour period. This is the reality of cybersecurity; the attacker only has to be lucky once. You, as the defender, must be perfect every time.

The loss of even short-term energy sector capability could be devastating for the lives of all U.S. citizens. Managers within this sector bear a social, moral, and legal responsibility to protect all facets of cyber and physical security within their span of control.

No longer is the question, “Can we afford the equipment?” The question has become, “When my industry becomes incapacitated in a cyber-attack, who will the public blame? Who will find their names in the newspaper? Who stands to lose everything?” The answer is, you and your company.

Of course, with atomic reactors, and other nuclear facilities such as high-level radioactive waste storage pools, a successful cyber-attack could cause a catastrophic release of hazardous radioactivity.

Workers at the Wolsong nuclear power plant participate in an anti-cyber attack exercise, Gyeongju, South Korea. Photo: Getty Images.On Oct. 5, 2015, Chatham House/The Royal Institute of International Affairs published a report entitled Cyber Security at Civil Nuclear Facilities: Understanding the Risks.

The report does perform the public service of making abundantly clear that the risks of cyber attacks at nuclear power plants, and other nuclear power related facilities, are very serious. And that the nuclear power industry, and the government agencies in charge of protecting public health, safety, security, and the environment are not taking the risk of cyber attacks anywhere near seriously enough.

However the report also does the disservice of assuming that the nuclear power industry is essential, and must be continued. This is quite debatable, especially given the serious risks that cyber attacks represent for not only electric reliability on a large scale, but also in terms of the potential for catastrophic release of hazardous ionizing radioactivity -- risks this report itself acknowledges.

The report also does the disservice of naming anti-nuclear organizations as a potential source of cyber attacks on nuclear facilities. This unfortunately continues a trend of demonizing environmental opponents of nuclear power, as well as concerned citizens, who have devoted themselves to preventing radiological disasters, and in a non-violent manner.

The study reports a number of publicly known cyber attacks, and other cyber incidents, at nuclear power plants, while it hastens to add that the nuclear power industry itself is very likely concealing information about a much larger number of such incidents. As the study reports:

While only a few cyber attacks on nuclear facilities have been made public, one estimate (Source 8) puts the number of major incidents that have affected industrial control systems as high as 50 (this is in addition to frequent routine attacks on business networks):

What people keep saying is 'wait until something big happens, then we'll take it seriously.' But the problem is that we have already had a lot of very big things happen. There have probably been about 50 actual control systems cyber incidents in the nuclear industry so far, but only two or three have been made public. (Page 15, or 26 of 53 on the PDF counter)

The report does, however, document the following cyber attacks and other incidents that are publicly known:

Known cyber security incidents at nuclear facilities

Ignalina nuclear power plant (Lithuania, 1992)...Davis-Besse nuclear power plant (Ohio, 2003)...Browns Ferry nuclear power plant (Alabama, 2006)...Hatch nuclear power plant (Georgia, 2008)...Natanz [uranium enrichment] facility and Bushehr nuclear power plant -- Stuxnet (Iran, 2010)...Unnamed Russian nuclear power plant -- Stuxnet (circa 2010)...Korea Hydro and Nuclear Power Co. commercial network (South Korea, 2014)

(See Box 1, on Page 3 to 5, or 14 to 16 of 53 on the PDF counter, for more detailed information on each cyber security incident)

Although oddly titled and framed (since when are terrorist attacks -- the main thrust of Gustersen's article -- "accidents"?), Hugh Gusterson's article in the Bulletin of the Atomic Scientists does make good points about security, or lack thereof, at U.S. nuclear weapons complex sites.

His warning is also very relevant to vulnerabilities at U.S. commercial nuclear power plants. However, although Gundersen mentions "the potential for safety failures at US nuclear plants," and Chernobyl by name, he does not directly refer to any U.S. nuclear power plants in his article.

He does, however, focus his criticism on security failures at U.S. nuclear weapons complex sites, namely Oak Ridge's Y-12, and safety failures at Los Alamos.

Regarding the latter, his warning about profit-driven speed-up of radioactive waste barrel loading is quite apt. Such cutting of corners likely contributed to the radioactive barrel burst underground at the Waste Isolation Pilot Plant. That $500 million to $1 billion mistake (DOE and L.A. Times estimates, respectively, for the cost of "recovery" at WIPP) exposed two-dozen workers to ultra-hazardous, internal alpha particle contamination, and caused an atmospheric release of plutonium and other trans-uranics that fell out over the local landscape.