We Have To Protect Nuclear Power Plants From Viruses Too?

Jonathan Johnson
March 23, 2018

Submitted as coursework for PH241, Stanford University, Winter 2018

Viruses Aim For United States Nuclear Reactors

Fig. 1: Iranian President Hassan Rouhani and Head of the Atomic Energy Organization of Iran (AEOI) Ali Akbar Salehi in Bushehr Nuclear Plant. This photo, although taken after the Iranian Nuclear Power attack, shows one of the nuclear power reactors that was affected by Stuxnet. Wikimedia Commons)

Nuclear plants in the United States have been targeted by hackers as an ongoing effort to possibly disrupt U.S nuclear energy presence, but for what reason has yet to be determined or released through United States security reports. Since May 2017, the F.B.I and Homeland Security have worked together to notify citizens of attempts by hackers to enter the systems of nuclear power stations. [1] They have noted that only the business area of the nuclear reactor was penetrated by hackers, but not the actual reactor. [2] The breach, however, has stirred worry amongst circles who question the vulnerability of the nuclear power reactors. [3,4] Cybersecurity experts review that episodes of this level have the potential to cause sensitive information to leak and cause physical damage to the nuclear reactor. In the event of physical damage to the reactor, a meltdown, similar to the Queensland incident of 2000, that released 80,000 liters of raw sewage into a river.However, in this case, nuclear waste could be potential released into the environment, to varying degrees of dangerous outcomes. [3,4]

Viruses Aim For Other Nuclear Reactors, Too

This is not the first time that a nuclear facility has been hacked. Most notably, in 2010, an Iranian nuclear power reactor was hacked. The event became known as Stuxnet, and it was uncovered as a U.S attempt to impose nuclear restrictions on Iran. [5] According to the New York Times, the attack on the nuclear power plant was a part of an attack by then President Obama, to continue the cyberattack issued by former President G.W. Bush in an attack code-named, "The Olympic Games.' [6] The attack ended up derailing approximately 1,000 of the 5,000 nuclear power centrifuges that were used to enrich uranium (see Fig. 1). Officially, the attack was targeted to present the development of nuclear weapons, not necessarily the use of nuclear energy. Eventually, a report was released of what they surveyed to happen during the incident. [6] They reported that the virus damaged motor and vacuum pumps within their nuclear reactors and they believe that the U.S wreck harm by apparently buying the equipment, then malevolently modifying it before they released it back into the market space. [5] Similar to the incident in the U.S, the event sparked worry amongst Iran's nuclear program when trading, since they may be subject to faulty software that could further destroy their system. [5]


. With the rise of security concerns, the U.S Nuclear Regulatory Commission created an Information Security Strategic Plan to thwart the efforts of hackers. [4] In addition, as another combative effort, the administration signed an order on May 11, 2017 that prompted additional security for nuclear reactors. However, even with new documents, Jon Wellinghoff, former chairman of the Federal Regulatory Commission believes that reactors are still vulnerable, as he reports, "We never anticipated that our critical infrastructure control systems would be facing advanced levels of malware." [1]

© Jonathan Johnson. The author warrants that the work is the author's own and that Stanford University provided no input other than typesetting and referencing guidelines. The author grants permission to copy, distribute and display this work in unaltered form, with attribution to the author, for noncommercial purposes only. All other rights, including commercial rights, are reserved to the author.


[1] N. Perlroth, "Hackers Are Targeting Nuclear Facilities, Homeland Security Dept. and F.B.I. Say," New York Times, 6 Jul 17.

[2] M. Levine, "At Least 1 US Nuclear Plant's Computer System Was Hacked," ABC News, 28 Jun 17.

[3] M. Holloway,"Stuxnet Worm Attack on Iranian Nuclear Facilities," Physics 241, Stanford University, Winter 2015.

[4] B. Kesler, "The Vulnerability of Nuclear Facilities to Cyber Attack," Strategic Insights 10, 15 (2011).

[5] M. Shuster, "Inside The United States' Secret Sabotage Of Iran," National Public Radio, 9 May 11.

[6] D. Sanger, "Obama Order Sped Up Wave Of Cyberattacks Against Iran," New York Times, 1 Jun 12.