On 30 October, the Nuclear Power Corporation of India Limited, or NPCIL, confirmed that a cyber attack had taken place on the Kudankulam Nuclear Power Plant in Tamil Nadu’s Tirunelveli district. “Identification of malware in NPCIL system is correct,” the press release stated. The admission came a day after the NPCIL denied the attack, and said it was “not possible.” The attack first came to light after VirusTotal, a cyber-security website, released data which showed that a virus known as DTrack had breached the nuclear plant’s network. Subsequently, Pukhraj Singh, a cyber-intelligence specialist, raised the issue on social media. He tweeted that “extremely mission-critical targets were hit” and that the government was notified “way back.” Singh was formerly with the National Technical Research Organisation, a technical-intelligence agency. He said he first learned of the intrusion when he was conctacted by a “third party” that had discovered the breach. Singh tweeted that he had notified the National Cyber Security Coordinator, a cyber security and e-surviellance agency, on 4 September. NPCIL’s initial denial of the attack and then admission, compelled by Singh’s public disclosures, is illustrative of the opaqueness with which it functions.
Since construction began on the Kudankulam nuclear power plant in 2002, it has faced sustained protests by local villagers, most of whom belong to the fishing community. They claim that the plant’s effluent would damage the local environment, the marine life and threaten their livelihood. SP Udayakumar founded the People’s Movement Against Nuclear Energy, a community-based civil-rights group, that has spearheaded the protests against the plant and demanded its unconditional shutdown. In the past, the police have cracked down on the protests and charged several villagers with sedition.
In the aftermath of the cyber attack on the plant, Udayakumar spoke to Aathira Konikkara, a reporting fellow at The Caravan. He discussed the absence of any reassurance from the authorities about the continued safety of the plant. “The project [is] a lot more vulnerable than what we really thought,” he said. “It is prudent to shut down the first two reactors immediately and to go for an independent inquiry with international experts.”
COMMENT