On 30 October, the Nuclear Power Corporation of India Limited, or NPCIL, confirmed that a cyber attack had taken place on the Kudankulam Nuclear Power Plant in Tamil Nadu’s Tirunelveli district. “Identification of malware in NPCIL system is correct,” the press release stated. The admission came a day after the NPCIL denied the attack, and said it was “not possible.” The attack first came to light after VirusTotal, a cyber-security website, released data which showed that a virus known as DTrack had breached the nuclear plant’s network. Subsequently, Pukhraj Singh, a cyber-intelligence specialist, raised the issue on social media. He tweeted that “extremely mission-critical targets were hit” and that the government was notified “way back.” Singh was formerly with the National Technical Research Organisation, a technical-intelligence agency. He said he first learned of the intrusion when he was conctacted by a “third party” that had discovered the breach. Singh tweeted that he had notified the National Cyber Security Coordinator, a cyber security and e-surviellance agency, on 4 September. NPCIL’s initial denial of the attack and then admission, compelled by Singh’s public disclosures, is illustrative of the opaqueness with which it functions.
Since construction began on the Kudankulam nuclear power plant in 2002, it has faced sustained protests by local villagers, most of whom belong to the fishing community. They claim that the plant’s effluent would damage the local environment, the marine life and threaten their livelihood. SP Udayakumar founded the People’s Movement Against Nuclear Energy, a community-based civil-rights group, that has spearheaded the protests against the plant and demanded its unconditional shutdown. In the past, the police have cracked down on the protests and charged several villagers with sedition.
In the aftermath of the cyber attack on the plant, Udayakumar spoke to Aathira Konikkara, a reporting fellow at The Caravan. He discussed the absence of any reassurance from the authorities about the continued safety of the plant. “The project [is] a lot more vulnerable than what we really thought,” he said. “It is prudent to shut down the first two reactors immediately and to go for an independent inquiry with international experts.”
Aathira Konikkara: Now that the cyber attack on the Kudankulam plant has been officially confirmed, what are your fears and concerns as someone who has represented the local community in the anti-nuclear movement?
SP Udayakumar: One, you can see that they are very lackadaisical about the whole security issue. They are complacent about not only cyber security, but about the security of the entire institution. Second, they are ignorant about vulnerabilities of the nuclear power plant and the overall security of the local people.
AK: In June this year, you sought a white paper from the plant authorities on the safety of the plant. What led you to demand a safety assessment from the plant authorities at that time?
SPU: We have been demanding a white paper for a very long time, since the beginning of the project, because we proved with solid material evidence that there were construction problems in the project, meaning the dome of the Kudankulam nuclear power plant was rebuilt after the wiring had been done. So they reworked on the whole dome. The integrity of the construction has been questioned not just by us but by so many other people. We should also talk about the substandard parts and equipment that they have used in their project. Electricity generation itself has been very erratic because the first reactor has been shut down more than fifty times. And the second reactor has been shut down more than twenty times. The second unit was shut down on 19 October. The administration said it was shut down because of a turbine problem. But it was actually because of low steam generation that may have been caused by the virus attack. These guys don’t say anything openly. There is absolutely no transparency or accountability and that makes us very worried. This recalcitrant attitude—“We know it, we can deal with it, what do you know, we are the authorities”—this kind of authoritarian attitude and behaviour is really problematic.