India Strengthens Cyber Security Measures At Nuclear Power Plants

The government has put in place security measures to protect the country's nuclear power plant systems from cyber attacks, according to Union Minister of State for Atomic Energy Jitendra Singh.

In a written reply to a question in the Rajya Sabha on Thursday (8 December), Singh said these measures include authorisation, authentication and access control mechanisms, strict configuration control and surveillance.

To further improve the security of nuclear power plants, the systems in these facilities are not connected to the internet or accessible from administrative networks.

A number of measures have been taken to strengthen Information Security in administrative networks in nuclear power plants, including strengthening of internet and administrative intranet connectivity, restriction on removable media, blocking of websites and IPs, he added.

On the issue of September 2019 cyber-attack on the Kudankulam Nuclear Power Plant, Singh informed that investigations have been carried out by the Computer and Information Security Advisory Group (CISAG) – DAE along with the national agency, Indian Computer Emergency Response Team (CERT-In).

"The measures implemented based on their recommendations include Physical separation of Intranet and Internet access, secure virtual browsing terminal for dedicated internet use, secured data transfer provisions requiring authentication are in place, independent security review prior to posting of new web applications and/or change in LAN/Infrastructural architecture, constitution of a task force for oversight of information security posture, on IT systems in the organisation, etc. and restricted usage of removable media," the minister said.