How A Cyberattack Against Nuclear Power Plant Almost Gave Terrorists A Dirty Bomb


Daily Caller News Foundation logo
Andrew Follett Energy and Science Reporter
Font Size:

Material to build a nuclear “dirty bomb” was almost smuggled out of a nuclear power plant four years ago, the head of the United Nations nuclear watchdog told reporters Monday.

The director of the International Atomic Energy Agency (IAEA) said that an unidentified individual tried to smuggle a small amount of highly enriched uranium about four years ago that could have been used to build a so-called “dirty bomb.”  The plant was struck by an extremely disruptive cyber-attack, but the IAEA declined to give any further details.

“This is not an imaginary risk,” Yukiya Amano, director of the IAEA, told Reuters. “This issue of cyber attacks on nuclear-related facilities or activities should be taken very seriously. We never know if we know everything or if it’s the tip of the iceberg.”

This sort of low-quality uranium and plutonium used in nuclear reactors could be used to make low-tech nuclear explosives often called “dirty bombs.”A dirty bomb combines radioactive material with conventional explosives that could contaminate the local area with high radiation levels for long periods of time and cause mass panic, though it would be millions of times weaker than an actual nuclear device. The Islamic State (ISIS) has expressed interest in stealing this kind of radioactive material for a dirty bomb.

However, actually employing a dirty bomb would be very difficult for terrorists, as radiation is very easy to track and sufficient quantities of uranium and plutonium are hard to obtain as nuclear reactors are relatively hard targets.

Amano claimed that the IAEA was handling the threat by providing more cyber and nuclear security training, and providing radiation detecting devices to plants.

Nuclear reactors aren’t the only part of the power grid that’s vulnerable to hacking

A Freedom of Information Act request revealed that hackers successfully infiltrated the Department of Energy’s (DOE) computer system more than 150 times between 2010 and 2014. The DOE was targeted 1,131 times over the same period.

Cyberattacks have already shut down Ukraine’s power grid with a well-engineered malware called BlackEnergy, which disconnected electrical substations from the main power grid. The Ukrainian government publicly blamed Russia for the attack, which left approximately 700,000 homes without power for several hours Dec. 23. Similar malware was used against Ukrainian media organizations during 2015 local elections.

The U.S. Department of Homeland Security twice warned American utilities about a type of malware similar to what took down Ukraine’s power grid in December, 2014, and again in June, 2015American utilities, which are relatively well-defended compared to Ukraine’s, reported 13 different cyber break-ins between 2011 and 2014. A single one minute of grid downtime can cost up to $15,447, according to analysis.

Follow Andrew on Twitter

Send tips to

Content created by The Daily Caller News Foundation is available without charge to any eligible news publisher that can provide a large audience. For licensing opportunities of our original content, please contact