There were reports of a fire at a French nuclear power plant last week. While there was no nuclear risk, the blaze is described as a ‘significant technical event.’ Moreno Carullo, co-founder and Chief Technical Officer at Nozomi Networks, commented below.
Moreno Carullo, Co-Founder and Chief Technical Officer at Nozomi Networks:
“The challenge with critical infrastructure, such as the French EDF Flamanville plant, is that the machinery is dated. Pausing systems frequently to check for signs of damage or weakness is simply not possible, so often an annual audit is all that’s conducted. To try and bridge the gap, visibility of what is happening within the infrastructure could mean that abnormal fluctuations are identified, and evasive action or even further investigation taken, before damage occurs. However, this is easier said than done when you consider that a standard power plant will typically have an average of 50,000 real-time processes; using standard networking tools to monitor, manage, and then troubleshoot is akin to mission impossible. The task of manually analysing the resulting data is not only time-consuming, but also error-prone.
“Using advances in computer science, such as machine learning and artificial intelligence, to build an internal representation of an industrial network and its physical processes could hold the key. These ‘tools’ take advantage of the predictability in control system traffic by establishing a baseline of ICS network communications and conduct active monitoring for anomalies. Having this operational visibility provides immediate insights for faster troubleshooting and remediation of IT and operational issues without impacting industrial processes, making it easier for engineers and plant operators to identify potential malfunctions before damage can occur. If a centrifuge is spinning too fast or slowly – as was the case with Stuxnet – or the temperature is approaching dangerous levels, as would have been the case at the Flamanville Plant, evasive action could be taken before damage occurs.
“As new projects are planned and implemented, such as the building of a new third reactor at Flamanville, industrial cyber security and operational monitoring must be built in to pre-empt and prevent ‘significant technical events’ from happening.”
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.