Shrugging off an attack

The authorities concluded that computer systems at the country’s nuclear power operator were hacked. But their response to the infiltration of one of our most important infrastructures was as lax as their management.

An unidentified hacker claiming to be associated with an anti-nuclear-reactor group posted about 20 ZIP files showing designs of the country’s largest nuclear power stations and operating manuals of key systems on Internet sites from Dec. 17 to 21.

The hacker has threatened to release more blueprints unless reactors in the Gori and Wolsong nuclear complexes are stopped. Plant operator Korea Hydro and Nuclear Power and the Ministry of Trade, Industry, and Energy said the leaked files did not affect the safety of the nuclear reactors or their operations. But they appeared to be blithely ignorant of the consequences of cyberattacks and the importance of quick action.

Basic architectural blueprints of nuclear reactors are usually not allowed to be photographed because reactors are classified as highly important security facilities. So too with key parts of the facilities like pipelines, which experts consider as top national secrets. They have been hacked and put on display on the Internet. Yet authorities are merely saying they won’t affect nuclear safety. Confidence in the country’s nuclear industry could become discredited because safety and security are essential to the technologies and facilities. The public cannot but question the country’s security against cyberattacks when even a nuclear reactor operator is so easily hacked.

The incident may not be just an industrial mishap. Prosecutors discovered that the hacker, or a group of hackers, was highly trained and sophisticated in running zombie PCs and using stolen Internet accounts. The possibility of North Korean involvement cannot be ruled out. U.S. federal investigators blamed North Korea for hacking into Hollywood movie studio Sony Pictures, noting that the methods used were similar to a series of cyberattacks on South Korean banks and media organizations in 2013 that was traced to North Korea’s hackers.

The government should regard the incident as a top national security matter and mobilize all necessary resources to solve the case. At the same time, security regulations and oversight of nuclear power facilities must be toughened. If Korea Hydro and Nuclear Power cannot be entirely trusted, a private institute or another government body should take up supervisory responsibility. Computer security of nuclear facilities must be thoroughly protected for the sake of public safety. JoongAng Ilbo, Dec. 23, Page 38