Operators at RWE’s Gundremmingen plant northwest of Munich moved to shut down the reactor this week after malware was discovered in the plant fuel handling network. The utility said the shutdown was a precaution and the plant was not believed to be in danger.
Unlike previous malware attacks on power plants this year, the infection did not appear to target the nuclear plant specifically. Rather, the malware, which included the W32.Ramnit and Conficker viruses, are common malware strains targeting Windows computers. RWE said the infection was believed to have occurred via USB flash drives brought in by plant staff, and a number of infected drives were found in the subsequent investigation. These viruses are designed to steal files and allow remote control of infected computers but need to be connected to the Internet to do so. The infected system at the plant, which is used to control fuel loading and unloading from the core, is isolated.
In addition, the infection was reportedly confined to the IT network and did not affect the industrial control (ICS) and SCADA systems used for fuel handling.
Still, the risk of malware causing problems in generating plants worries many industry observers. Numerous examples of plant networks being infected via USB drives have been seen in the U.S. and elsewhere, and Windows viruses can be used as a vector to inject malware into ICSs. That method was used in a cyberattack in Ukraine last December that shut down part of the nation’s grid.
Though most experts believe the risk of catastrophic damage is very low, the potential impact is very high. A 2015 study by Lloyd’s of London estimated that a remote-but-plausible large-scale cyberattack on the U.S. grid could shut much of it down for weeks and cause hundreds of billions of dollars of damage.
The two-unit 2.7-GW Gundremmingen plant is the largest in Germany and is slated for retirement in 2021. Gundremmingen was also the site of Germany’s most serious nuclear reactor accident, when in January 1977 an emergency cooling system in the original Unit A malfunctioned and flooded the containment building. That unit was formally retired in 1983; Units B and C came online the following year.
—Thomas W. Overton, JD is a POWER associate editor (@thomas_overton, @POWERmagazine).