“Any cyber attack on the Nuclear Power Plant Control System is not possible,” an information officer for the Kudankulam Nuclear Power Plant (KNPP) stated on Tuesday. Both KNPP’s reactors were operating nominally, he added, emphasizing that all critical systems at KNPP and other plants are “standalone and not connected to outside cyber network and Internet.”
The official statement, however, raised further questions, as many noted it neither confirmed nor denied whether any of the secondary non-critical systems might have been compromised in the alleged breach.
Cybersecurity expert Pukhraj Singh, whose tweets had triggered the avalanche of rumors, followed up with a clarification that he only spoke of an alleged lower level “domain controller” breach, instead of one on “control systems.” A hack on the domain level might affect a public-facing email address linked to the plant, for example, but would not touch its reactors or other sensitive equipment.
The former officer of the National Technical Research Organisation, Singh, also noted that he never said anything about possible culprits, because “false flags are so goddamn easy.”