S Korea nuclear firm to hold cyber-attack drills after hack

image copyrightAFP
image captionBlueprints of nuclear reactors were leaked on social media

South Korea's nuclear plant operator is to conduct drills testing its ability to withstand a cyber-attack, after a data leak and threats from a hacker.

Last week, designs and manuals of plant equipment owned by Korea Hydro and Nuclear Power Co (KHNP) were put online by an unknown individual or group.

A threat was made that unless three reactors were closed by Christmas, people should "stay away" from them.

KHNP said the leaked data did not undermine the safety of the reactors.

KHNP, the sole nuclear operator in Korea, is part of the state-run utility Korea Electric Power Corp.

In a statement, the operator said it would conduct a series of large-scale drills at four nuclear power plant complexes on Monday and Tuesday.

media captionThe hackers are threatening to put thousands more documents on the web as Steve Evans reports

'Not core technology'

Using an account named "president of the anti-nuclear reactor group", the hacker posted blueprints of nuclear reactors on social media on Friday.

This was the latest in a series of such postings since 15 December, South Korea's Yonhap news agency said.

Previous postings have included information on the facilities' air condition and cooling systems, a radiation exposure report, and personal data of employees.

Authorities said a probe into the hacking and leak of internal documents had been launched.

Analysis: Mark Ward, BBC technology correspondent

Cyber security experts have warned for years about the dangers of connecting industrial plants and ageing chunks of infrastructure to the internet.

Many have demonstrated how easy it is to use that net connection to leap into the control systems that oversee chemical works, dams, and power plants. Some have detailed hundreds of flaws in the software found on these control systems.

Often plants and machinery in these installations date from a time when nothing was networked so they treat all connections as friendly. Many are hard to update and lack the memory to run any serious security software.

Now nations are scrambling to improve the defences surrounding critical infrastructure to prevent accidents happening through either malice or mischief.

Many firms are taking out hefty insurance policies that will help them recover from a cyber attack. Sadly, lots of them are getting turned down as their defences are not judged to be good enough to repel the attacks.

The company has said that the information does not relate to core technologies. The South Korean government told the BBC that the central operating systems of the reactors had not been hacked.

KHNP operates 23 nuclear reactors and supplies about 30% of the country's electricity, local media said.

It is not known if this cyber-attack is in any way related to an incident last month when Sony Pictures was hacked and unreleased films put online.

The US says North Korea was behind the attack. Pyongyang has denied this and has called for a joint investigation.

South Korea has in the past blamed North Korea for hacks on banks, government websites and broadcasters.

More on this story