[email protected] +91 772-2987-077
Wealth of lacunae

Wealth of lacunae: On the Kudankulam nuclear plant data leak. 

 Cybersecurity, transparency are non-negotiable in vital installations. 

The ransomware attack against a contractor involved in the Kudankulam nuclear power project is concerning, even if nothing threatening the plant’s integrity was stolen. In 2019, malware was found on the same facility’s administrative network, but the NPCIL maintained that the operational reactor network was unaffected. The new incident extends the same theme. India’s breach disclosure regime is inconsistent and often plainly opaque. Affected organisations tend to believe admitting a breach will damage public confidence, share prices, contracts, and invite regulatory scrutiny. So, they tend to ease their language in public statements and avoid disclosure until compelled. Many organisations also lack mature incident response capabilities, not uncommonly because they treat cybersecurity as a matter of compliance rather than necessity. So, assessing what data has been affected in the early stages of an attack becomes technically impossible. According to public information, the facility’s core infrastructure is unaffected; instead, a group called ‘World Leaks’ mounted a ransomware attack compromising systems belonging to Reliance Infrastructure, one of the engineering contractors of Units 3 and 4. The data in the incident were hosted by Yotta Data Services, which said it detected suspicious activity on its servers on May 29.

According to open-source intelligence platform RansomLook, the data began appearing on World Leaks on June 11. However, the NPCIL issued a formal clarification only on July 15, following widespread media reports. Some 14.3 GB of files have been released, including the layouts of ventilation systems, floor plans of an alleged “control room”, supplier and vendor lists, and insurance paperwork. While the files have not been independently authenticated, the actors and their incentives merit a closer look. The NPCIL has said that the files only pertain to infrastructure beyond the facility’s nuclear island. However, such information can still serve so-called intelligence preparation activities. India is the third-most breached country and has already brooked similar attacks against AIIMS Delhi, airlines, and State government portals. In this milieu, the government has positioned Kudankulam as the centrepiece of India’s nuclear power ambitions. As CERT-In is conducting an investigation and Reliance and Yotta have shared their findings with the government, CERT-In and NPCIL should also clarify the nature and authenticity of the files, whether data were exfiltrated before detection, and whether any credentials or supplier accounts have been exposed. Radical transparency is impossible here but basic cyber-hygiene and proactive communication are non-negotiable

-
Lacunae
(noun) – Gaps, deficiencies, shortcomings, omissions

कमियाँ

-

Cybersecurity (noun) - protection of computer systems and networks from theft or damage.

साइबर सुरक्षा

-
Transparency
(noun) – clarity, limpidity, clearness, plainness, distinctness

पारदर्शिता

 -
Vital (adjective) – Absolutely necessary; essential, crucial, key

महत्वपूर्ण

-Ransomware (noun) - a type of malicious software that threatens to publish or block access to data unless a ransom is paid.

फिरौती के लिए मैलवेयर

 

-
Concerning
(adjective) – Worrying, Troubling, Disturbing, Bothering, Upsetting

चिंताजनक

-
Integrity
(noun) – morality, virtue, probity, uprightness

अखंडता

-
Breach
(noun) – Violation, Contravention, Infringement, Defiance

उल्लंघन

-
Regime
(noun) – system, arrangement, scheme

व्यवस्था

-

Inconsistent (adjective) – Incompatible, contradictory, incongruous, erratic, irregular

असंगत

-

Plainly (adverb) - clearly, obviously, evidently, manifestly, overtly

स्पष्ट रूप से

-
Opaque
(adjective) –  obscure, unclear,

अस्पष्ट

-

Tend to (phrasal verb) - to incline or lean

झुकाव होना

-

Admit (verb) – Acknowledge, confess, accept, concede, admit

स्वीकार करना

 

-
Scrutiny
(noun) – Inspection, examination, enquiry

जांच

-

Compel (verb) - force, oblige, coerce, drive.

मजबूर होना

-
Compliance
(noun) – The state or fact of according with or meeting rules or standards.

अनुपालन

-
Necessity
(noun) – Need, requirement, inevitability, stipulation, compulsion, obligation

आवश्यकता

-
Assess
(verb) – evaluate, judge, gauge, rate, estimate, appraise

आकलन करना

-
Infrastructure
(noun) – the basic systems and services that are necessary for a country or an organization

बुनियादी ढाँचा, अवसरंचना

-

Mount (verb) - organize, stage, set up, launch.

(हमला) करना या व्यवस्थित करना

-

Compromise (verb) - endanger, jeopardize, imperil, undermine, weaken

खतरे में डालना

-

Host (verb) - store, provide space for, maintain.

(डेटा) रखना या होस्ट करना

-
Following
(preposition) – After

के बाद

-
Widespread
(adjective) – extensive, prevalent, general, common, pervasive

व्यापक

-

Layout (noun) - design, arrangement, plan, structure.

खाका या विन्यास

-
Alleged
(adjective) – so-called, supposed

कथित

-Actors (noun) - participants, agents, players.

(हमलावर) समूह या एजेंट

 

-
Incentive
(noun) – Inducement, enticement, spur, reason, lure 

प्रोत्साहन, प्रलोभन

-

Merit (verb) - deserve, warrant, justify, earn.

योग्य होना

-
Pertain
(verb) – concern, relate to, be related to, be connected with

से संबंधित होना

-

Nuclear island (noun) - the part of a nuclear plant housing the reactor and critical systems.

परमाणु संयंत्र का केंद्रीय भाग (रिएक्टर आदि)

-
So
-called (adjective) – supposed, alleged, presumed, ostensible

तथाकथित

-

Brook (verb) – Tolerate, endure, bear, stand, suffer,

बर्दाश्त करना

 

-
Milieu (noun) – environment, setting, background, surroundings, context

परिवेश

-

Position (verb) – Place, locate, situate, arrange, orient

स्थापित करना

-

Centrepiece (noun) - focal point, main feature, highlight, core element.

मुख्य केंद्र बिंदु

-
Findings (noun) – The results of research or an investigation

निष्कर्ष

-
Authenticity
(noun) – Genuineness, legitimacy, validity, reality

प्रामाणिकता

-

Exfiltrate (verb) - stolen (data), transferred data secretly.

गुप्त रूप से (डेटा) निकालना

-

Credentials (noun) - login details, identification, documents, qualifications.

साख या लॉगिन जानकारी

-
Expose (verb) – reveal, uncover, lay bare खुलासा करना

-

Proactive (adjective) – Forward-thinking, anticipatory, preventive, preemptive
सक्रिय

-

Non-negotiable (adjective) - mandatory, unchangeable, essential, absolute.

गैर-समझौता योग्य (अपरिवर्तनीय