Cyberattacking the Radiation Alert System

Spanish law enforcement officials have announced the arrest of two individuals in connection with a cyberattack on the country's radioactivity alert network (RAR), which took place between March and June 2021.

The act of sabotage is said to have disabled more than one-third of the sensors that are maintained by the Directorate-General for Civil Protection and Emergencies (DGPCE) and used to monitor excessive radiation levels across the country.

The reason for the attacks is unknown as yet.

Cybersecurity

"The two detainees, former workers, attacked the computer system and caused the connection of the sensors to fail, reducing their detection capacity even in the environment of nuclear power plants," the Policía Nacional said.

The law enforcement probe, dubbed Operation GAMMA, commenced in June 2021 in the immediate aftermath of the attack perpetrated against the RAR network, which is a mesh of 800 gamma radiation detection sensors deployed in various parts of the country to detect surges in radioactivity levels.

In a post-mortem analysis shared by the agency, the intrusion was two-pronged, one which culminated in the unauthorized access to the control center's computer system to delete a web application used to manage the RAR system.

A second component of the attack involved the targeting of more than 300 sensors over two months, "causing the failure of their connection with the control center and thus reducing the detection capacity of the network."

Cybersecurity

The Policía Nacional said the arrests were the result of a year-long investigation and an exhaustive analysis of "all the communications of the sabotaged sensors."

Additionally, two homes and one company were raided in Madrid and San Agustín de Guadalix, enabling the authorities to seize several computers and communication devices allegedly used to facilitate the attacks.

"During the investigation, it was determined that the two detainees had been responsible for the maintenance program of the RAR system, through a company contracted by the DGPCE, for which they had in-depth knowledge of it, which made it easier for them to carry out the attacks and helped them in their efforts to mask their authorship," the agency said.


Found this article interesting? Follow us on Twitter and LinkedIn to read more exclusive content we post.