Can NJ’s Nuclear Power Plants be Hacked? Cyber-Defenders Say It’s a Concern
With cyberattacks becoming commonplace in the private and public sectors, there is now an elevated concern about hackers targeting nuclear power plants in the Garden State.
New Jersey has the Salem Nuclear Power Plant and Hope Creek Generating Station in Salem County, and the Oyster Creek Generating Station in Ocean County, which provide 39 percent of the power in the state.
“I think it is a concern. Obviously, it is a serious problem. We continue to work on it,” said Mike Geraghty, director of the New Jersey Cybersecurity & Communications Integration Cell.
He explained this is getting a lot of attention because “nuclear power plants would be considered a high value target for any hacker, whether that’s a nation state or others.”
Geraghty said not only is the Integration Cell focused on protecting these plants from threats, “but on a broader level so too is the New Jersey Office of Homeland Security and Preparedness, the New Jersey State Police, the Board of Public Utilities and at a federal level, the Nuclear Regulatory Commission is also involved in overseeing security.”
Who would try to hack a nuclear power plant?
Geraghty said the list would include geeks, nutjobs, terrorists, corporate crooks, a hostile nation — almost anybody.
“But terrorists, foreign governments, nation-state actors, they’re more concerning because their motives are different than a simple criminal looking for a payout,” he said
When asked whether there been any attempts to take control of a nuclear power plant in the Garden State, Geraghty declined to answer the question directly.
“There have been attempts to hack into just about every energy company that’s out there. They’ve been targeted to some extent,” he said.
“But at the same time, there are a number of security controls in place that are commensurate with the risk and threats against those nuclear power plants.”
If the unthinkable happened and a hacker was able to at least partially take control of a nuclear power plant, Geraghty said the Nuclear Regulatory Commission and the BPU would spring into action.
“They’ve put in requirements to put in safety and manual overrides in the event of an incident, not just a hack but it could be a mistake,” he said.
He added besides fending off cyber attacks, “there’s insider threats, so you may put somebody inside of a nuclear power plant or an energy company to carry out an attack.”
Geraghty says in the face of these threats we need to keep in mind “there are a number of safeguards in place to prevent any adverse, or any adversary from being able to hack into a system.”