In 2008 a cyber-security scandal broke out that went down in history. For the first time, a malicious program that replicated itself inside the automated process control system of a nuclear facility was recorded. The computer worm Stuxnet did serious damage to the Iranian nuclear programme, disabling 1368 out of 5000 centrifuges at the uranium enrichment plant and derailing the launch date of the Bushehr NPP. Stuxnet spread around the world, and in 2013 it was found at a Russian NPP.
This is the flip side of automation: the more processes we hand over to computers, the more serious the consequences of a successful cyber-attack. According to a report by the American organization ICS-CERT (Industrial Control Systems Cyber Emergency Response Team), the number of attacks on power infrastructure is growing steadily, and NPPs are no exception. The main reason is that automated process control systems are no longer isolated from the global network as they used to be, or their isolation has become nominal. Sometimes such a system is connected directly to the Internet for the convenience of monitoring, for remote administration, or for some other purpose. And even where this is avoided to prevent infection or information leakage, employees have begun bringing their own devices and removable media to work. In fact, that is how the worm reached the Bushehr NPP: on the USB drive of one of the employees.
Modern NPPs cannot do without automation. The most important point is not that an automated process control system raises labour productivity, but that it makes the operation of an NPP safer than it was 50 years ago. It reduces the human factor: unlike a human, a computer does not get tired, distracted or lazy. By helping the operator watch hundreds of parameters in a semi-automatic mode, such systems lower the risk of accidents. Moreover, they can react and make decisions in a given situation faster than a human. In many cases, where the required reaction time is a fraction of a second, a human operator cannot replace a computer.
An automated process control system can be divided into three levels. The upper level consists of the workstations and operator consoles running the SCADA system. The middle level includes programmable logic controllers (PLCs), concentrators and communications processors. The lower level consists of field devices: sensors, actuators and so on.
Once a malicious program reaches the NPP control computers, whether from the Internet or from a flash drive, it identifies the plant's automation equipment and its control program (the SCADA system), reads that program, decompiles it, and finally makes destructive changes to it and takes over control of the controllers. What does this lead to?
For example, the Siemens SCADA system installed at the Bushehr nuclear power plant contains an important software component, "Block 35". "Block 35" monitors critical production operations that require a response within 100 ms.
By interfering with the operation of "Block 35", the malware can easily cause the alarm system to malfunction, leading to the station destroying itself. It can switch the turbine to the maximum possible rotational speed, shut off coolant circulation, block the station's safety systems, and disable the cooling system, the electricity generators or the enrichment centrifuges.
Although a malicious program on a home PC poses no threat of radiation leakage, some people are so afraid of infecting their PCs that they panic at the slightest suspicion. By contrast, a failure of an NPP's power supply or cooling system caused by a cyber attack can lead to a man-made disaster for an entire region.
Perhaps any PC user, after reading about the danger of cyber attacks on NPPs, would recommend installing anti-virus software. That is right, but only to a certain extent.
Viruses and other malicious software for conventional computers are often written by lone hackers. To do so, they first study the operating system and find a vulnerability in it. But the software of a SCADA system cannot be downloaded from the web, and it is not installed on ordinary laptops. To write malware for process automation, hackers need to obtain a complete SCADA system, and they also need to know the range of controllers used at the station and the characteristics of the processes those controllers manage. This is not easy, because reliable information is available only in the technical documentation of the equipment, which is not disclosed. Finally, for a really large-scale cyber attack leading to a man-made disaster, the criminals need a very good understanding of the process itself. This requires highly qualified engineers and technicians with experience of working at large nuclear power plants.
It is obvious that lone hackers cannot cope with a task as complex as a computer attack on a nuclear power plant. Organizing and carrying out such cyber attacks is possible only for specialized professional groups with serious resources.
This means that ordinary anti-virus protection will not work for nuclear power, and that detecting such threats will be extremely difficult, because the malware was created by a team of professionals.
There are specialized products for the comprehensive protection of automated industrial enterprises, for example Modcon, Cisco SAFE products, NETASQ, MaxPatrol, SCADA-auditor and Tenable Network Security.
Developers from MEPhI have created their own Russian product, SHIELD. Its main benefit, firstly, is that it protects the entire automation system without being tied to any particular way in which an intruder might gain access to the automated process control system. Secondly, SHIELD achieves high flexibility of device configuration and scalability at the lower level, regardless of the site-specific hardware and software. Expansion cards for the protection device are selected according to the data channels, protocols and standards in use at the site. SHIELD uses its own algorithms for analysing industrial protocols to protect against unauthorized access and SAE action. Because it can analyse industrial protocols down to the signal level, SHIELD can detect unauthorized activity even on proprietary data transmission protocols. In addition, SHIELD checks that the process is running correctly by comparing it against a scripted model of the process behaviour and against command sequence patterns. There is also protection against unauthorized configuration changes and enforcement of limits on critical equipment parameters. The latter prevents exactly the scenario described above: the malware cannot switch the turbine to its maximum rotational speed.
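The two protection functions described above (rejecting writes that push critical parameters out of their allowed range or break the expected command sequence, and detecting unauthorized changes to the controller program such as the "Block 35" modification described earlier) can be illustrated with a small passive monitor. The code below is an added example written for this article; it is not SHIELD's code or any vendor's API. The register map, the safe limits, the "arm before setpoint" sequencing rule, the block names and all sample traffic are constructed assumptions.

```python
"""Constructed example: a passive monitor for PLC write commands and controller
program integrity. Not SHIELD's code; every register, limit and sample is assumed."""
import hashlib
from dataclasses import dataclass

# Assumed register map: register -> (parameter name, lower limit, upper limit).
# Writes outside these engineering limits are never legitimate for this site.
SAFE_LIMITS = {
    40001: ("turbine_speed_rpm", 0, 3000),
    40002: ("coolant_pump_state", 1, 1),   # 1 = running; policy never allows 0
    40003: ("valve_position_pct", 0, 100),
}

# Assumed sequencing rule: a host must issue an "arm" write to this register
# before any setpoint write is accepted from it (command-sequence pattern).
ARM_REGISTER = 40100


@dataclass
class WriteCmd:
    src: str        # source host on the control network
    register: int
    value: int


def check_writes(cmds):
    """Return a list of (cmd, reason) for writes that violate limits or sequencing."""
    alerts = []
    armed = set()   # hosts that have issued an arm command so far
    for c in cmds:
        if c.register == ARM_REGISTER:
            armed.add(c.src)
            continue
        if c.register not in SAFE_LIMITS:
            alerts.append((c, "write to register outside the known map"))
            continue
        name, lo, hi = SAFE_LIMITS[c.register]
        if not lo <= c.value <= hi:
            alerts.append((c, f"{name}={c.value} outside [{lo}, {hi}]"))
        elif c.src not in armed:
            alerts.append((c, f"{name} written by {c.src} without a prior arm command"))
    return alerts


def program_hash(blocks):
    """Hash a set of controller program blocks (name -> bytes) in canonical order."""
    h = hashlib.sha256()
    for name in sorted(blocks):
        h.update(name.encode())
        h.update(b"\0")
        h.update(blocks[name])
        h.update(b"\0")
    return h.hexdigest()


def changed_blocks(baseline, current):
    """Names of blocks whose contents differ from the baseline, or that appeared/vanished."""
    return sorted(n for n in set(baseline) | set(current) if baseline.get(n) != current.get(n))


# Constructed sample traffic (assumed host names and values).
SAMPLE_CMDS = [
    WriteCmd("hmi-1", ARM_REGISTER, 1),
    WriteCmd("hmi-1", 40003, 55),      # legitimate: armed and in range
    WriteCmd("eng-ws", 40001, 9999),   # turbine overspeed attempt: out of range
    WriteCmd("eng-ws", 40002, 0),      # attempt to stop the coolant pump: forbidden value
    WriteCmd("hmi-2", 40003, 10),      # in range, but hmi-2 never armed
]

# Constructed program snapshots; "Block35" is a label, not real controller code.
BASELINE_BLOCKS = {"Block1": b"main cycle v1", "Block35": b"100ms watchdog v1"}
CURRENT_BLOCKS = {"Block1": b"main cycle v1", "Block35": b"100ms watchdog v1 PATCHED"}

if __name__ == "__main__":
    for cmd, why in check_writes(SAMPLE_CMDS):
        print(f"ALERT {cmd.src} -> register {cmd.register}: {why}")
    if program_hash(BASELINE_BLOCKS) != program_hash(CURRENT_BLOCKS):
        print("controller program changed:", changed_blocks(BASELINE_BLOCKS, CURRENT_BLOCKS))
```

Run as a script, the monitor raises three alerts for the sample traffic (the overspeed write, the pump-stop write and the un-armed write from hmi-2) and reports "Block35" as the modified program block. In a real deployment the register map and limits would come from the site's own engineering documentation, and the baseline hash would be taken from the commissioned controller program and stored off the control network.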
SHIELD and similar products cannot be installed like an ordinary antivirus on a PC, by simply bringing the box to the NPP and plugging it in. Specialists visit the enterprise periodically to examine all of the facility's systems and propose an individual solution based on that analysis.
The media rarely write about nuclear cyber security as long as a station's process control system is not infected with malware. Hopefully there will be more high-quality protection products for nuclear power plants, including Russian-made ones, and they will remove this topic from the news agenda for good.