Korea Hydro and Nuclear Power Co. was beset with yet another leak on Sunday, the fourth time since information on its nuclear reactors and its employees were found posted on a blog last week.
In its latest message posted on Twitter, a group that describes itself as an antinuclear power organization reiterated its demand that three of the country’s 23 nuclear power reactors be shut down starting Dec. 25, threatening that it would release an additional 100,000 pages of information if its demand was not met. Also posted were four files containing information on nuclear power plants.
The government and the country’s sole nuclear power plant operator have not been able to stop the leaks that began on Dec. 15. The authorities have not yet been able to determine the perpetrators’ identities and the extent of the leak. It is not clear whether the leaked documents were obtained by hacking or were smuggled out of an office.
The fact that the authorities have not been able to stop the continued leaks after days speaks volumes about the country’s readiness against cyberattacks. The country is under constant threat of cyberattacks from North Korea, whose cyberwarfare capabilities continue to grow ― the attack against Sony, which virtually destroyed the company’s computer system after copying a tremendous amount of data, is an example of its capabilities. Last year’s cyberattack against banking and media institutions attributed to North Korea also gave us a preview of Pyongyang’s cyberwarfare capabilities.
However, last year’s attacks apparently did not encourage Korea Hydro and Nuclear Power Co. to improve its cybersecurity. In fact, cybersecurity firms detected signs of a cyberattack against the country’s major infrastructure facilities and on Dec. 9 warned security officials at nuclear power plants about email hacking attempts. Although the leaked documents were found online on Dec. 15, it was only on Nov. 18 that the company requested an investigation and shut down the blog on which the documents were posted. Compare this to the response at Sony, which alerted the FBI within hours of being attacked.
If this proves to have been a cyberattack, it shows how vulnerable the country’s major infrastructure facilities are. Faced with increasingly sophisticated cyberattacks, both the private sector and the government should enforce strict security protocols and respond promptly to threats.