The Computer Infection of Kudankulam and its Implications via The India Forum

M V Ramana, Lauren J. Borja

The October 2019 cyberattack on a computer system at the Kudankulam nuclear power plant points to new pathways to severe accidents that can result in widespread radioactive fallout. Attempts to lower this risk would further increase the cost of nuclear power.


Nuclear energy is a unique source of electricity. One of its peculiarities is its capacity to suffer severe accidents that can spread hazardous radioactive contamination across thousands or even tens of thousands of square kilometres requiring evacuation of populations for decades or centuries. To avoid such accidents,the construction of nuclear power plants requires vast quantities of concrete and steel, exacting manufacturing standards, and layers upon layers of control systems at nuclear plants.

Despite such measures, there have been a number of accidents, of both small and large magnitude, since the beginning of the nuclear age. Each accident typically exposes a new vulnerability and often these accidents occur through pathways that were not conceived of by plant designers. The realization that hackers might be able to infect the computers in a nuclear power plant, potentially affecting the physical operation of the nuclear reactors themselves, is another safety vulnerability that had initially not been fathomed.

In addition to the technical aspects of accidents at nuclear power plants, the nature of organizations that operate hazardous technologies can affect both the likelihood and severity of accidents. Scholars who study safety in hazardous technologies have identified three characteristics of organizations that help to mitigate accidents, all of which involve how organizational leaders behave. These include placing a high priority on safety in design and operations; setting and maintaining safety standards and practices; and learning from failures. The little that is known of how the Nuclear Power Corporation of India has responded to the malware infection at KNPP suggests that organizational leaders did not meet these requirements adequately, especially the last one.


Read more.

This entry was posted in *English and tagged , . Bookmark the permalink.

Leave a Reply