The IT network that handles fuel at the Gundremmingen nuclear plant has been shut down. RWE, the company that operates the plant, says that this is a precautionary measure and that there is no danger.
The unnamed malware affected the IT systems that unload spent fuel to storage pools and not the critical ICS/SCADA equipment. Security at the plant asserts it was not an attack, as this network was not connected to the internet, and that it was more likely that the infection was introduced accidentally by someone unknowingly connecting an infected USB device to the system. (This raises the question of why a presumably secure and private network would allow external devices to be used, opening the door to such a compromise.)
Whilst RWE gave no indication as to what sort of malware was found, they rated the incident as ‘N’, which denotes ‘Normal’. Scans are being carried out on the network, and once these are complete, production will recommence.
Thirty years since Chernobyl
The infection was detected on Sunday (4/24), and at time of writing (4/26) it is the thirtieth anniversary of the Chernobyl disaster. Protests were held outside the gates of the Gundremmingen plant over the weekend demanding its shutdown; it is one of Germany’s most outdated nuclear facilities and has been earmarked for closure in 2021.
Kaspersky comments
Eugene Kaspersky, the founder of Kaspersky Labs, commented to Softpedia: “Yes, alarm bells are probably ringing in everyone’s head who’s just read that. Thing is, it’s not surprising. What is rather surprising is that we don’t hear such worrying news more frequently.”
Further, on the thought that it was an infection caused by a USB device, he continued, “What it shows is the main, basic issue of today’s connected systems: critical infrastructure is as vulnerable as all other systems connected to the Internet.”
He went on to mention the directed attack by the Stuxnet malware, which was believed to have been developed to destroy Iranian enrichment plants. With 310 000 samples of malware detected each day, he said, it was inevitable that some would find targets other than those they were developed for. ‘We have to be prepared,’ he warned.
Last week, Kaspersky Labs became the first AV company to supply cyber security solutions for ICS/SCADA applications.