A computer in the control room of the Monju fast-breeder reactor was infected by malware earlier this month, after an employee updated video software.

The Monju fast-breeder reactor is once again facing the regulatory firing squad. Built in the mid-1990s, the facility, located in Tsuruga, Fukui Prefecture, Japan, has faced several regulatory problems, including poor ratings for safety and security. After it was built, the sodium-cooled fast-breeder reactor ran fine for a few months before a catastrophic fire led to a 15-year shutdown. A restart was attempted in 2010, but that too had problems, and the plant has been mostly non-operational since then.

In November 2013, the plant faced the scorn of Japan's Nuclear Regulation Authority, which told the nation's Atomic Energy Agency that Monju's anti-terrorism measures were lacking. In fact, the regulatory authority came down hard on Monju's violations of security guidelines meant to protect nuclear materials. Now, just a few months after entering the governance dog house, the JAEA is dealing with another problem at Monju.

On January 2, an administrator at the Monju reactor noticed that one of the eight computers in the control room had been accessed more than 30 times within the previous five days, and saw signs that the system had been communicating with the outside. Subsequent investigations into the matter uncovered a virus, which, according to reports from the Tokyo Broadcasting Station (TBS), was likely installed by an employee who was updating video player software. It's unknown whether the software was malicious to begin with, or whether the employee was tricked into installing a fake video codec.

The data leak that occurred because of the incident is being downplayed somewhat by Japan's media and the JAEA. Reports note that the only information likely to have been obtained was internal email communications and training materials.
The JAEA is investigating further in order to ascertain exactly what was accessed, but there were more than 42,000 documents on the infected system.

The incident shines light on an increasingly important topic for those in the Industrial Control Systems community: awareness and control. What happened at Monju shows a need for control over the software that's installed on a control room's systems, and over who can manage it. Moreover, it shows a need for visibility into what's happening on the network and into which systems are able to communicate with the outside, along with the ability to control (or block) such access as needed.

Given the problematic history at Monju, an infected computer might not rate high on the threat scale, but it's surely a sign of much larger and more serious problems.