Skip to main content

The Journal Gazette

  • Associated Press Idaho National Laboratory interns Armando Juarez Jr., left, and Jordan Mussman work in the Faraday room in a cybersecurity electronics lab in Idaho Falls, Idaho.

Tuesday, December 25, 2018 1:00 am

Nuclear lab places more emphasis on cyber threats

KEITH RIDLER | Associated Press

IDAHO FALLS, Idaho – It's called the “Dark Side” because the 50 workers prefer to keep the lights low so they can dim the brightness on their computer screens.

Or maybe it's because of what they do in cyber research and development.

Questions about exactly what goes on at the heart of one of the United States' primary cybersecurity facilities at the Idaho National Laboratory aren't always answered, and photos by outsiders aren't allowed.

What is shared is that the U.S. is rushing to catch up with what cybersecurity experts say are threats by hackers to systems that operate energy pipelines, hydroelectric projects, drinking water systems and nuclear power plants across the country.

Scott Cramer, who directs the lab's cybersecurity program, said current efforts mostly involve “bolting on” cybersecurity protections to decades-old infrastructure control systems amid concerns they've already been infiltrated by malicious entities waiting for the opportune time to strike.

“This is no joke – there are vulnerabilities out there,” he said. “We're pretty much in reaction mode right now.”

The Idaho National Laboratory is mainly known as the nation's primary lab for nuclear research. But in the past decade, its cybersecurity work has put it on the leading edge there as well, and it's expanding.

A new 80,000-square-foot building called the Cybercore Integration Center will hold 20 laboratories and 200 workers. Another 67,000-square-foot building called the Collaborative Computing Center will house one of the nation's most powerful supercomputers. They are expected to be finished next fall at a cost of about $85 million.

The lab's focus is on what are called critical infrastructure control systems, as opposed to cybersecurity systems intended to protect information, such as banking or personal health records.

Its employees work to prevent threats like one that occurred in 2013, in which the Justice Department said seven Iranian hackers working at the behest of the Iranian government gained access to the controls of a dam in the suburbs of New York City. Prosecutors said the hackers would have been able to remotely access the dam's gate, but it was disconnected at the time for maintenance. Prosecutors in an indictment made public in 2016 called it a “frightening new frontier in cybercrime.” The hackers remain wanted by the FBI.

The Idaho National Laboratory's cybersecurity also has an electronics lab to dismantle and examine computers, including pulling information off severely damaged storage drives. The electronics lab contains a map of the U.S. West's electric grid and a car-sized computer that helps test the security systems of Western utilities, including Idaho Power, which serves an estimated 1.2 million people in southern Idaho and eastern Oregon.

Brad Bowlin, an Idaho Power spokesman, said the company as a matter of policy doesn't comment on its cybersecurity efforts.