Kudankulam Data Leak Exposes Critical Infrastructure Gaps

The leak of nearly 19,000 files linked to India's largest nuclear power plant has put contractor security and third-party risk under scrutiny.

Topics

  • Image Credit- Chetan Jha/ MIT Sloan Management Review India

    Nearly 19,000 files linked to India’s Kudankulam Nuclear Power Plant have been published on the dark web after an apparent breach at a contractor, exposing how critical infrastructure can remain vulnerable even when its operational systems are isolated from the internet.

    The ransomware group World Leaks posted files that appear to include blueprints of ventilation and cooling systems, the floor plan of a common control room, supplier information, inspection records and equipment reviews related to Units 3 and 4 of the Tamil Nadu plant, Reuters reported on Wednesday, July 15.

    The files did not appear to contain designs for the reactors’ core systems, which are supplied by Russia’s state-owned Rosatom. But cybersecurity researchers said information about supporting infrastructure, vendors and access relationships coils still help an attacker understand the plant’s physical and digital dependencies. 

    The leak highlights a persistent weakness in the security of large infrastructure projects. Organizations may heavily protect production networks while sensitive engineering data, inspection photographs, meeting records and architectural plans circulate among construction companies, equipment suppliers, insurers and cloud providers.

    In the Kudankulam leak, the files were labeled by World Leaks as coming from Reliance Group, whose Reliance Infrastructure unit won a contract in 2018 to design and construct infrastructure Units 3 and 4.

    Reliance said there had been a “partial breach” of data stored on a server hosted by Indian data center provider Yotta and that the government had been informed. It did not identify the compromised documents.

    “The incident involved a partial breach of data on a server hosted by Yotta,” Reliance said in its statement.

    Yotta said it detected suspicious activity on 29 May on a server belonging to Reliance Infrastructure. The company said it terminated the activity and prevented the suspected execution of ransomware. Reliance later informed Yotta that external actors were claiming to have stolen data.

    Yotta said it had been unable to verify the threat actor’s claims but had shared its technical findings with Reliance and was supporting the investigation.

    The Nuclear Power Corp. of India (NPCIL) has been coordinating with Reliance about the incident, while the Indian Computer Emergency Response Team, known as CERT-In, is examining it, Reuters reported, citing a person familiar with the matter.

    Kudankulam is India’s largest nuclear power station and a key part of the country’s plans to expand nuclear power generation. Units 3 and 4, which remain under construction, are expected to begin operations by 2027.

    Nickolas Roth, Senior Director at the Nuclear Threat Initiative, told Reuters that if authentic, such information could present a “serious” security risk because it may help attackers understand the plant’s support systems, suppliers and operational infrastructure.

    This is the second cybersecurity-related incident associated with the Kudankulam plant after malware linked to a North Korean hacking group was detected on its administrative network in 2019. At the time, the NPCIL said operational systems were not affected.

    Topics

    More Like This

    You must to post a comment.

    First time here? : Comment on articles and get access to many more articles.