
Nuclear Cybersecurity Research


I am particularly interested in nuclear energy and its potential for a sustainable future. 

As nuclear energy production is becoming increasingly reliant on digital technologies, it is crucial to understand the potential threats and develop robust cybersecurity measures to protect nuclear facilities from malicious actors.

A more informed community can contribute to the collective effort of ensuring the peaceful, safe and secure utilization of this important energy source.

As part of this endeavor, I've published the following research papers:

2017 - Go Nuclear: Breaking Radiation Monitoring Devices

The purpose of this research was to provide a comprehensive description of the technical details and approach used to discover vulnerabilities affecting widely deployed radiation monitoring devices (portal and area monitors). This work involved software and firmware reverse engineering, RF analysis, and hardware hacking.

This research was presented at Black Hat USA 2017.

- Paper: https://www.blackhat.com/docs/us-17/wednesday/us-17-Santamarta-Go-Nuclear-Breaking%20Radition-Monitoring-Devices-wp.pdf

- Slides: https://www.blackhat.com/docs/us-17/wednesday/us-17-Santamarta-Go-Nuclear-Breaking%20Radition-Monitoring-Devices.pdf

2023 - Seeing Through the Invisible: Radiation Spikes Detected in Chernobyl During the Russian Invasion Show Possible Evidence of Fabrication

Chernobyl, an iconic symbol in our social imaginary that represents everything that may go wrong with radioactivity, was taken by the Russian occupation forces, as part of a full-scale invasion of Ukraine. During the first 48 hours of this situation, it was officially reported that the Automatic Radiation Monitoring System (ASKRS) of the Chernobyl Exclusion Zone had detected abnormally high radiation values. The intense traffic of heavy military vehicles, which would be stirring up radioactive dust, was initially pointed out as the root cause for the reported radiation spikes.

This talk will comprehensively describe the research that has been performed around this incident. Among other things, I have reconstructed the events through OSINT, talked to nuclear experts and visited radiological laboratories to analyze equipment and software. Eventually, I gained access to the data transmitted during those days by the wireless radiation monitoring devices in Chernobyl, thus being able to demonstrate that the patterns identified in the radiation spikes detected during the 24th and 25th of February 2022 show the possibility that data may have been fabricated.

Evidence confirms that the radiation levels depicted by a very specific set of real-time radiation maps, which during those days were consulted by millions of people and also consumed as a single source of information by media outlets and official entities, did not correspond to the actual physical conditions of the Chernobyl Exclusion Zone.

This research, presented at Black Hat USA 2023, elaborates on the software-based data manipulation as a plausible explanation.

- Paper: https://drive.google.com/file/d/1Sxg7Do9DVs6xquv-j8gBUgN4RUZkMG2N/view?usp=sharing

- Slides: https://i.blackhat.com/BH-US-23/Presentations/US-23-Santamarta-Seeing-Through-The-Invisible.pdf

- Web version: https://www.reversemode.com/2024/01/what-really-happened-in-chernobyl.html


2024 - A Practical Analysis of Cyber-Physical Attacks Against Nuclear Reactors

This research paper aims to provide a comprehensive technical analysis of hypothetical cyber-physical attacks targeting the safety systems of nuclear reactors (PWRs), such as the Reactor Protection System (RPS) and the Engineered Safety Features Actuation System (ESFAS).

The paper is structured to facilitate reading and understanding, making this analysis accessible to readers with varying levels of technical expertise. 

  • The “Introduction” describes the nuclear engineering and nuclear physics concepts behind nuclear fission, Pressurized Water Reactors (PWRs) and NPPs, which are required to follow the subsequent cyber-physical attack scenarios. Prior knowledge of nuclear physics or reactor engineering is not assumed, making it accessible to those without a formal background in these fields.
  • “Actors and motivations” describes the background of certain real-world operations involving cyber-physical attacks and nuclear facilities.
  • “Teleperm XS” introduces the commercial Instrumentation and Control (I&C) platform, including a detailed description of the hardware, software architecture, attack surface, and eventually those characteristics that could potentially be leveraged by malicious actors.
  • “Cyber-Physical Attacks” details an approach to analyzing the design of specific nuclear reactors in order to characterize a series of feasible cyber-physical attacks against their safety systems (e.g. RPS, ESFAS), according to the level of damage sought by the attackers.

- Paper: https://drive.google.com/file/d/1qe_nBH1ACDX2ydmzcIhJnbdRGnoDvVfP/view?usp=preview


2025 - TBD

Please feel free to reach out if you are interested in supporting this new research.