The breaches have so far resulted in “no bulk power system impact in North America,” the North American Electric Reliability Corporation told Circa.
But the motivations behind the widespread hacks could include searching for electrical grid vulnerabilities to attack in full force later.
That full force could also be large, as the Times reported that a Kremlin-backed group of Russian hackers – perhaps like those responsible for taking down power grids in Ukraine in 2015 – is believed to be behind these incidents with American power plants.
So how much damage can hackers do with remote access to a U.S. nuclear power plant? It depends on which system of computers they hack; the most important kind is usually harder to reach remotely.
"You’ve got the regular IT network, which is from a corporate perspective what we’re used to working with, and then you’ve got other networks that are called OT, operational technology networks that are actually running the physical process," Galina Antova, co-founder of industrial cybersecurity firm Claroty, explained to Circa.
That separation of computer systems, as dictated by the U.S. Nuclear Regulatory Commission (NRC), is why the breach of the Wolf Creek nuclear generating station in Kansas, part of the rash of recently reported power plant cyberattacks, saw “absolutely no operation impact,” Jenny Hageman, spokesperson for the facility, told Circa.
“The safety and control systems for the nuclear reactor and other vital plant components are not connected to business networks or the internet,” she said.
The NRC also requires a “notification of a cyberevent that affects the critical [or operational] systems” whenever one occurs, the agency wrote in a statement sent to Circa, which included the fact that it has “not received any reports to date.”
But Antova said that doesn’t mean snooping around for a way into operational systems at plants is impossible.
"There are phishing emails, you can get credentials, [and] once you gain the credentials, you can gain a foothold into the network," she said. "In Ukraine [in] 2015, they got into the IT network … and they made their way to the OT network."
Once operational technology systems at nuclear plants are compromised, power grids could be cut off.
Antova said that if that is a hacker’s ultimate goal, they might decide to focus on the various utility plants placed throughout grids, which are recommended to operate under the same separation of operational and IT computer systems as nuclear plants but are not as stringently regulated to do so.
Of course, that doesn’t address the ultimate fear attached to why hackers would go after a nuclear plant: causing a meltdown.
Edwin Lyman, of the Union of Concerned Scientists, however, believes that’s a little far-fetched, telling Bloomberg that backup power supplies make it so “you can’t really cause a nuclear plant to melt down just by taking out the secondary systems that are connected to the grid.”
The safeguards in place today for nuclear plants are aging, and as reports would indicate, the attention to nuclear plant security could be reaching a peak from outside threats, meaning preventative measures will need to stay ahead.