Last week, 24 hours after denying reports of cyber attack on the Kudankulam nuclear power plant, NPCIL, which is the public sector undertaking under the Department of Atomic Energy, admitted to a malware attack on one of the computers at KKNPP, adding that the plant systems had not been affected.
The clarification came after cybersecurity analyst Pukhraj Singh, who was formerly with the government’s National Technical Research Organisation, took to Twitter and posted, “domain controller-level access at Kudankulam Nuclear Power Plant, extremely mission-critical targets were hit” and that the government was notified about it “way back”. Singh added a third-party discovered the incident, it “contacted me & I notified National Cyber Security Coordinator, Lt. Gen Rajesh Pant (retd) on Sep 4.”
Cybersecurity firm Kaspersky later identified the malware as Dtrack, which was previously linked to North Korea.
Speaking exclusively to India Today TV, Singh said that the fact that the administrative network of the plant was attacked points towards the severity of the situation. He added that the admin network is like a hill top from where one can see everything, so an attack there is significant.
Speaking about the attack, Singh said, “I believe the ones involved in this espionage didn’t want to bring too much attention to themselves, they didn’t hack into our nuclear system but we were at their mercy, they had an advantage over us.”
Highlighting his involvement in sounding out the government about the attack, he said, “I had informed the government about the attack way back. The government understands the importance of strengthening cyber security, but a lot needs to be done. This could act as a catalyst in strengthening our systems.Upping the ante on cyber security is the need of the hour.”
Gulshan Rai, India’s first cybersecurity chief, is also of the view that India’s cyber security needs to be strengthened. Speaking with India Today TV he said, “Cyber security is an ever evolving sphere, it doesn’t remain constant. The government understands the need to upgrade and strengthen India’s cyber security but a lot still need to be done.” “The Cybersecurity Policy of 2013 is open and technology neutral. But it needs upgradation.”