Following reports that engineering documents related to the Balance of Plant (BoP) at the Kudankulam Nuclear Power Plant had been leaked, explanations emerged stating that the documents were unrelated to the Reactor Island and therefore did not pose a threat to nuclear safety.
In the narrow sense of nuclear safety, this may be true. However, from a cybersecurity perspective, such an assessment is incomplete.
In cybersecurity, the importance of a system is determined not by whether it contains radioactive material, but by how much its compromise can affect operations.
The Reactor Island contains the reactor core, containment structure, primary coolant system and safety systems. The Balance of Plant (BoP), however, is the life-support system of a nuclear power plant. It includes the steam generator, steam lines, turbine, generator, condenser, feedwater system, cooling water system, cooling towers, switchyard, auxiliary power system, instrumentation and control (I&C), and SCADA systems.
A nuclear power plant cannot operate safely without the BoP.
Even after the reactor is shut down, the fuel continues to generate decay heat. To remove this heat safely, the feedwater system, condenser and cooling water system must continue to function. If these systems fail for a prolonged period, the plant may have to be shut down despite the reactor safety systems functioning properly, resulting in major operational and economic consequences.
From a cybersecurity perspective, BoP engineering documents are not merely technical drawings. Documents such as Piping and Instrumentation Diagrams (P&ID), Process Flow Diagrams (PFD), cable layouts, equipment locations, details of pumps, valves, instrumentation and process connections provide an attacker with valuable insight into how the plant operates.
Using such information, a skilled attacker can:
* Identify critical equipment.
* Detect operational vulnerabilities.
* Understand dependencies between interconnected systems.
* Select the most effective targets for an attack.
The Stuxnet attack demonstrated this clearly. Malware targeting PLCs alone is not enough. A successful cyberattack requires a thorough understanding of the plant's engineering design, operational processes and equipment before it is launched.
BoP documents often contain information about equipment manufacturers (OEMs), PLC/DCS vendors, protection relays and instrumentation models. Such information can be used to identify publicly known security vulnerabilities and design targeted cyberattacks.
If BoP systems fail, the consequences extend beyond a single nuclear power plant. If the turbine, generator, feedwater system, cooling water system or switchyard become inoperative, thousands of megawatts of electricity could be lost from the national grid.
This, therefore, becomes an issue of Critical Infrastructure Security.
International cybersecurity standards such as IEC 62443, NIST SP 800-82 and the IAEA Nuclear Security Series specifically recommend that even engineering information should be protected with the highest level of security.
This includes encrypting data at rest and in transit, classifying information as Public, Sensitive or Restricted, enforcing strict access controls, and requiring contractors and suppliers to comply with the same security standards.
In summary, if the Reactor Island is the heart of a nuclear power plant, the Balance of Plant is the set of organs that keeps it alive. Therefore, engineering information related to the BoP should not be regarded as "ordinary technical documents." As part of the protection of the nation's critical infrastructure, these documents deserve the same level of protection as reactor design information.
From the perspective of a cyber attacker, the Reactor Island and the Balance of Plant are not separate worlds—they are two interdependent parts of the same system.
Therefore, the design information of both should be protected with equal care.
The author is SCADA & critical infrastructure cybersecurity expert.