No Comments

Eletrobras reports attack on Eletronuclear, but rules out risk to plants


Eletrobras issued a statement on Thursday morning, 4th, to inform its shareholders and the market in general that its subsidiary responsible for nuclear power plants in the Angra dos Reis complex, Eletronuclear, was the target of a cyber attack. The company points out that the attack, however, had no impact on the operation of the units or security risks.

The note informs that the incident in the information technology environment was caused by a ransomware attack that reached part of the servers in the administrative network. Eletrobras points out that the administrative network does not connect with the operating systems of the Angra 1 and Angra 2 nuclear plants, which are, for security reasons, isolated from the administrative network. “The incident, therefore, had no impact on safety, nor on the operation of the Almirante Álvaro Alberto Nuclear Power Station, much less damage to the supply of electricity to the National Interconnected System,” says the statement.

According to the company, Eletronuclear has temporarily suspended the operation of some of its administrative systems to protect the integrity of its data. Eletronuclear’s own team, together with the Managed Security Service (MSS) team, contained and eradicated the effects of the attack, thus the virus was isolated and a thorough verification of the assets is ongoing, the statement said.

Eletrobras says that Eletronuclear has already informed the event to the Government Cyber ​​Treatment and Response Center (CTIR.Gov), with a copy for a representative of the Brazilian Nuclear Program Protection System (SIPRON), under the Institutional Security Office of Presidency of the Republic.

Cybersecurity expert Marcelo Branquinho, CEO of TI Safe, points out, however, that segregating the operating network is not a 100% guarantee that it will not be invaded at some point. “Although PLCs [controladores lógicos programáveis] of the plants are protected by the fact that the operating network is isolated, if the edge security is not well done, there is, indeed, the risk of an invasion, which can even cause a blackout in the regions served by the plants ”, he explains.

Branquinho notes that the cybersecurity of Brazilian energy companies is quite flawed, so much so that ONS (National System Operator) has taken on the challenge of conducting an initiative that aims to propose minimum cyber security criteria and requirements for the operation of the National Interconnected System (SIN).

ONS submitted to Aneel a proposal for a Network Procedure, prepared in a collaborative manner with the agents, to address the issue. “This is going to be crucial for improving the cybersecurity of energy companies. Today, to give you an idea, even the backup systems of these companies are quite incipient ”, concludes the TI Safe specialist.

See the original post at:

You might also like

More Similar Posts

Leave a Reply

Your email address will not be published. Required fields are marked *

Fill out this field
Fill out this field
Please enter a valid email address.