'Nuclear Plants Were Hacked, Working To Prevent It': Global Watchdog

The concern is compounded by the growing digitisation of nuclear plants and the increasing reliance on complex computer systems.

· www.ndtv.com

Show
Quick Read
Summary is AI-generated, newsroom-reviewed

  • There have been cyberattacks on nuclear plants, prompting global preventive efforts by the IAEA
  • Artificial intelligence is increasingly integrated into nuclear systems, raising new security concerns
  • Small Modular Reactors' automation and connectivity increase vulnerability to cyber threats

Did our AI summary help?
Let us know.
 Switch To Beeps Mode

There has already been hacking of nuclear power plants, and the international nuclear watchdog is now actively working with countries to prevent such incidents from escalating in the future. The warning from the International Atomic Energy Agency (IAEA) comes at a time when artificial intelligence is rapidly entering the nuclear domain and expanding the scale of the possible threat.

Fuming Jiang, Director of the Office of Safety and Security Coordination at the IAEA, has acknowledged the cyber risks facing atomic facilities. "There has been hacking of nuclear power plants, and the IAEA is helping the nation states to prevent it from happening," he told NDTV, making it clear that cyber intrusions are no longer hypothetical concerns.

The concern is compounded by the growing digitisation of nuclear plants and the increasing reliance on complex computer systems. The current trend is toward Small Modular Reactors (SMRs), which are even more automated than classical plants, and the vulnerability may only increase.

Responding to a question from NDTV's Pallava Bagla, IAEA Director General Rafael Mariano Grossi explained that artificial intelligence is already deeply embedded across industries and is now part of nuclear systems as well. "AI has different manifestations. In any case, it's a reality. It's influencing your life, my life, everybody's," Grossi said.

Grossi pointed out that artificial intelligence is not a new entrant, but its reach and scale have dramatically expanded. "In banking, in production, even the manufacturing industry is heavily dependent on that. So, this is not a new factor that is coming. What is new, maybe, is the dimension, the globality, and also that there is a public discussion about this," he said.

Grossi described how AI is now present on two sides of the nuclear ecosystem. On one side, it is built into reactors and systems themselves. "In nuclear design, for example, these nuclear power plants, including in India, have a lot already of AI into designing, into safety, into a number of operations," he said.

On the other side, the IAEA is using artificial intelligence to strengthen its own inspection and monitoring processes. "For us, also, in the safety checks, in the safeguarding of nuclear power plants, we have introduced... these technological elements that allow us to be much more efficient," Grossi said, stressing that all such systems operate under strict human oversight.

"With human-in-the-loop guarantees... because we are never going to be doing anything without the critical eye of our experts," Grossi added.

The use of artificial intelligence is also driven by the rapid expansion of nuclear power worldwide. "Nuclear is growing. It's growing in your country [India], but not only in your country. It's growing everywhere. And many countries are going into nuclear," Grossi said.

As new reactors come up, the IAEA cannot simply increase manpower indefinitely, he noted. "One cannot expect the IAEA to grow each time a new reactor comes into line, and to hire 50 more inspectors."

The solution, he said, lies in using technology. "So, we need to use technology, AI for good."

Even before the rise of artificial intelligence, cyber incidents at nuclear facilities had already exposed vulnerabilities.

The cyber-attack on India's Kudankulam Nuclear Power Plant in 2019 is often cited as a key example. The intrusion was detected in the administrative network of the plant, while the operational control systems remained unaffected due to isolation measures.

The incident illustrated a crucial feature of nuclear cybersecurity. Nuclear plants operate with two separate systems. The operational technology network that runs the reactor is isolated from the information technology network used for administrative purposes. This concept is often referred to as an air gap.

In simple terms, the systems that control core functions such as cooling and reactor operations are not connected to the internet. This reduces the chances of remote cyber intrusion. However, experts have repeatedly warned that such isolation is not foolproof.

The Kudankulam case showed that malware could still enter the system through other pathways, such as infected devices or compromised credentials. The breach involved malware designed for surveillance and data collection rather than immediate damage, highlighting the focus on cyber espionage in nuclear facilities.

India's Science Minister Dr Jitendra Singh, addressing a press conference yesterday on 12 years of the Prime Minister Narendra Modi government, said, "There is no option. Small Modular Reactors will also be implemented by India, especially in populated areas and in large factories, there is no option." This raises heightened concerns about the risks of artificial intelligence-augmented cyber hacking. Suitable firewalls will have to be created to keep these future Indian SMR's secure.  

Concerns of cyber hacking had earlier been raised globally during the Stuxnet attack, widely believed to have targeted Iran's nuclear fuel enrichment programme by Israel. That incident demonstrated how sophisticated malware could infiltrate isolated systems and disrupt physical processes.

These examples show that cyber threats to nuclear plants have existed even in a pre-AI era.

What changes now is the scale and sophistication of the threat. Artificial intelligence can potentially accelerate cyber-attacks by enabling faster reconnaissance, automated targeting and adaptive malware. At the same time, it is also being used to strengthen detection and response systems.

The IAEA itself has recognised both the opportunities and risks of integrating AI into nuclear systems, including the potential for data manipulation and new vulnerabilities that require enhanced cybersecurity measures.

The emerging challenge is even more significant with the advent of small modular reactors. These new-generation reactors are designed to be more automated and, in some cases, capable of remote operation. This increased digitisation and connectivity could expand the attack surface for cyber threats.

As nuclear plants become more computer-driven, ensuring cybersecurity becomes as critical as ensuring physical safety. Experts have warned that current defence in depth systems may not be adequate for future threats and that a more holistic approach is needed to secure nuclear infrastructure.

At the same time, countries like India are planning a massive expansion of nuclear energy. India aims to scale up its nuclear power capacity significantly in the coming decades, moving from current levels of about 8 Gigawatts to a much larger fleet of reactors to about 100 Gigawatts in the next 21 years.

In such a scenario, the challenge of securing nuclear plants from cyber threats will only grow. Artificial intelligence will play a dual role in this landscape.

It will be an essential tool for improving efficiency, monitoring and safety. But if misused, it could also become a powerful instrument for cyberattacks. The balance between these two roles will define the future of nuclear security.

The IAEA's message is clear. Cyber threats to nuclear facilities are real and evolving. Artificial intelligence offers powerful tools to address these challenges, but it also introduces new risks that must be managed carefully. As the world expands its nuclear fleet and embraces digital technologies, making nuclear power plants resilient against cyber-attacks will be a top priority.

For countries like India, which are looking to scale up nuclear capacity sharply in the coming decades, the task is even more urgent.

Future reactors will need to be designed not just for efficiency and safety, but also to be resilient, secure and effectively protected against evolving cyber threats.

In an increasingly digital world, making nuclear plants hack-proof may well become one of the most critical challenges for the global atomic energy community. It is hoped that India's main nuclear research laboratory, the Bhabha Atomic Research Centre (BARC), Mumbai, which is designing India's own small nuclear plants called Bharat Small Modular Reactors, will do something about this emerging threat by stress testing the designs.  

Show full article

Track Latest News Live on NDTV.com and get news updates from India and around the world

Follow us:
Nuclear Plant Hack, Cyberattack, AI Adoption