Govt: Kudankulam Data Breach Did Not Impact Nuclear Security, No Immediate Review Planned

 

The Centre has attempted to reassure the public that the data breach incident involving electronic files of the Kudankulam Nuclear Power Plant (KKNPP) has no implication on the nation’s nuclear security or reactor operations.
Union Minister of State for Atomic Energy Jitendra Singh stated that the breach did not affect any sensitive nuclear facility or infrastructure. 

Singh stated during an interaction with reporters on the sidelines of the press conference on July 16 that there was no need for an immediate security review since the breach did not concern nuclear activities or reactors.
Nuclear Power Corporation of India Limited (NPCIL), which manages the Kudankulam plant, claimed that the data breach incident did not disclose any sensitive information about reactors. 
“In the given scenario, the data breach is related to the Engineering, Procurement and Construction (EPC) contract for the Common Services–Balance of Plant (BoP) package for Units 3 and 4 under Implementation Agreement 7 (IA-7),” the NPCIL stated. It added that the EPC contract is signed with Reliance Infrastructure via a public tender process in 2018 for Kudankulam NPP.
“The balance of plant involves many elements such as auxiliary systems, services, and infrastructure like cooling towers, which are comparable to those in conventional thermal power stations,” NPCIL noted.
It added that the BoP does not contain any nuclear power plant equipment or components or safety and security features.
“In this context, NPCIL is not contemplating any First Information Report (FIR) as the cyber-attack was on the data of Reliance Infrastructure,” an NPCIL spokesperson said. They added that the information shared with Reliance Infrastructure during the tendering procedure included indicative drawings and technical specifications on the common services balance of plant, typically provided to all bidders. “This information did not include any sensitive nuclear safety information,” the spokesperson added. 
NPCIL stated that Reliance Infrastructure develops engineering drawings using the technical specifications and drawings provided by NPCIL in coordination with original equipment manufacturers (OEMs) for the approval process.
The breach of data came after Reuters reported that ransomware group World Leaks exfiltrated more than 19,000 files from servers hosting Kudankulam Nuclear Power Plant, covering the 2016 fiscal year through mid-2025. 
According to the report, the documents contain details on control, cooling, and ventilation systems, suppliers, inspections conducted by Indian and Russian personnel, meeting records, and insurance data. The breach was attributed to a server managed by data centre infrastructure provider Yotta, hosted by third-party Reliance Group, which was responsible for the EPC contract for the Kudankulam NPP, admitting that the attack resulted in a partial data breach. 
Tamil Nadu-based Kudankulam Nuclear Power Plant currently operates two 1,000 MW VVER reactors and is set to commission four more reactors under the Russian technical collaboration agreement. The project aims to make Kudankulam one of India’s largest nuclear power parks with a total capacity of 6,000 MW.
The data breach incident does not appear to affect the nuclear security or safety of the nation, as the government and NPCIL continue to emphasize. 
The breach did, however, raise concerns about the safety of digital assets and data security in various contracts, including those of critical infrastructure like Kudankulam NPP.

This article has been indexed from CySecurity News – Latest Information Security and Hacking Incidents

Read the original article: