The procedures include stringent monitoring, authorization, and access control techniques

Stringent security measures are in place to protect India's nuclear power plant systems from cyber-attack, Union Minister of State Jitendra Singh said on Thursday.

Replying to a question in the Rajya Sabha, the minister stated that these security procedures include stringent configuration control, monitoring, authorization, authentication, and access control techniques. He informed the House that systems of nuclear power plants are also segregated from the internet and are not reachable through the administrative network.

Singh continued by saying that several steps had been taken to improve information security in administrative networks at nuclear power plants, including fortifying internet and administrative intranet connectivity, limiting the use of portable devices, and restricting websites and IP addresses.

The Union Minister of State also provided information on the investigations conducted by the Computer and Information Security Advisory Group (CISAG) at DAE and the national organization, Indian Computer Emergency Response Team, regarding the September 2019 cyberattack on the Kudankulam Nuclear Power Plant.

He stated that the actions taken in response to their recommendations include the following:

  • Physical separation of intranet and internet access
  • Secure virtual browsing terminals for dedicated internet use
  • Secured Data Transfer provisions requiring authentication are in place
  • Independent Security Review Prior to Posting of New Web Applications and/or Change in LAN/Infrastructure Architecture
  • Constitution of a Task Force for oversight of information security threats to IT Systems
  • Restricted usage of removable media