Florida, Texas reactors pass hurricane tests; Electricity cyber attacks blamed on 'Dragonfly' group

Our pick of the latest nuclear power news you need to know.

Florida reactors undamaged by Hurricane Irma

Florida Power and Light's 1.4 GW Turkey Point and 2.0 GW St. Lucie nuclear power plants sustained no apparent damage from Hurricane Irma as the storm hit Florida September 10, Rob Gould, FPL vice president and chief communications officer, told the regional TCPalm newspaper September 11.

The Turkey point and St. Lucie plants were spared a direct hit from the Category 3 hurricane as it hit the west coast of Florida on September 10 before heading north. Irma had been Category 5 strength when it approached the Caribbean islands.

FPL took off-line one reactor at the Turkey Point plant on September 9, ahead of predicted Category 1 hurricane force winds. FPL's protocol is to shut down the nuclear plants 24 hours before winds reach Category 1 strength (over 74 mph).

The second reactor at Turkey Point remained online during the storm and was taken off the grid on September 11 after a routine inspection discovered a valve issue, an FPL spokesman said.

The two reactors at the St. Lucie plant remained online during the storm and one reactor was shut down late on September 10.

"After an inspection of nearby electrical systems that support the plant, the conservative decision was made to safely shut down Unit 1," FPL spokeswoman Alys Daly told TCPalm.

The second reactor at St Lucie remained online as of September 11.

The St. Lucie nuclear plant is located on Florida's east coast, around 193 miles north of Miami.

The Turkey point plant is located in the south-east corner of Florida, 40 km south of Miami.

FPL is a subsidiary of NRG Energy.

Texas reactors operate at full capacity throughout Harvey

As Hurricane Harvey lashed the state of Texas on August 25, the 2.7 GW South Texas Project (STP) nuclear power plant continued to operate at full capacity, according to media reports.

The facility is managed by STP Nuclear Operating Company (STPNOC) and owned by Austin Energy, CPS Energy and NRG Energy.

The STP plant is located 10 miles inland and wind speeds did not reach hurricane force at the site. Ahead of the storm, STPNOC said it would shut down the plant if sustained wind speeds measure Category 1 hurricane force or above.

The operator reportedly deployed 250 personnel including operators, engineers, maintenance, emergency response and security experts at the site for the duration of the storm.

The buildings that house STP’s reactors, vital equipment and used fuel have steel-reinforced concrete walls, four to seven feet thick, which are built to withstand major hurricanes, STPNOC said.

The facility is elevated at 29 feet above mean sea-level (MSL) and uses watertight buildings and doors to protect emergency electric power and cooling systems. All buildings housing safety equipment are flood-proof to an elevation of at least 41 feet above MSL, according to STPNOC.

Dragonfly cyber attack group gains access to power system data

Energy companies in Europe and North America are being targeted by a new wave of cyber attacks that could provide attackers with the means to severely disrupt affected operations, cyber security firm Symantec said in a statement published September 6.

Symantec believes a sophisticated cyber espionage group known as Dragonfly is behind a recent wave of cyber attacks on European and U.S. power generation companies. Targets have reportedly included personnel working for U.S. nuclear plant operators and manufacturers of plant control systems.

"The Dragonfly group appears to be interested in both learning how energy facilities operate and also gaining access to operational systems themselves, to the extent that the group now potentially has the ability to sabotage or gain control of these systems should it decide to do so," Symantec said.

In July, Senator Edward Markey called for U.S. federal government departments to reveal how many nuclear power plants have been impacted by cyber attacks and demonstrate sufficient cyber security measures are in place, following media reports of security breaches. Markey is a member of a U.S. subcommittee for international cyber security and sits on the Senate Foreign Relations Committee.

"The Department of Homeland Security has stated that the impact of these attacks 'appears to be limited to administrative and business networks.' However, there is no guarantee that malicious code could not migrate to physical control systems through the errant or unauthorized use of removable storage devices," Markey said in a letter to federal government departments.

"Furthermore, administrative and business networks could contain information relevant to the safety and security of nuclear plants, as well as personal information about the plant personnel. Malicious actors could use sensitive data to undermine plant security," he said.

On May 11, President Trump signed an executive order to strengthen the cyber security defences of federal networks and critical infrastructure.

Attack methods

The Dragonfly group is using a variety of methods to gain access to victims’ networks, including malicious emails, "watering hole attacks"-- where attackers compromise websites visited by targets-- and trojanized software, Symantec said.

"The earliest activity identified by Symantec in this renewed campaign was a malicious email campaign that sent emails disguised as an invitation to a New Year’s Eve party to targets in the energy sector in December 2015," it said.

Rising global connectivity has meant that all business sectors face a widening array of cyber security threats. The growth in digital communications to improve collaboration and productivity in the workplace has seen a rising number of unauthorized incursions linked to employees, according to the U.K. Government’s 2015 Information Security Breaches Survey, conducted by PWC.

In October 2015, UK think tank Chatham House said executive management and on-the-ground nuclear personnel may not realize plant vulnerability to cyber threats and are inadequately prepared to deal with cyber attacks.

Conventional industry thinking that all nuclear facilities are ‘air-gapped’ (isolated from the public internet) is misinformed, Chatham House said in a report. The think tank conducted 18 months of research including 30 interviews with nuclear industry staff in U.S., Canada, U.K., France, Germany, Japan, Ukraine and Russia.

At a global nuclear security summit held in Washington in March 2016, operators agreed to “move beyond traditional security solutions and develop more effective technological approaches to cyber security,” according to a group statement published by the U.S. Nuclear Energy Institute (NEI).

The use of social engineering to mount attacks on business data and information networks is emerging as a major risk to cyber security at nuclear power plants, experts told Nuclear Energy Insider in July 2016.

Going forward, operators also need to protect assets from the additional risks posed by real-time performance monitoring and data analytics systems.

The rising use of cloud computing and common platforms for power plant analytics will require in-depth review of technology options and regular security audits to minimize cyber security threats, experts at real-time software infrastructure firm OSIsoft, said.

Rolls-Royce proposes UK SMR strike price of 60 pounds/MWh

A new UK consortium led by Rolls-Royce could produce small modular reactors (SMRs) for a guaranteed 'strike price' of around 60 pounds per MWh ($79.1/MWh), the Telegraph newspaper reported, citing Rolls-Royce documents sent to UK Parliament this week.

This price is far lower than the 92.50 pounds/MWh price agreed for EDF's 3.2 GW Hinkley point C nuclear power plant, currently under construction in south-west England.

              UK wholesale power price forecast

Source: National Grid’s 'Future Energy Scenarios,' (2015)

Rolls-Royce is one of a number of domestic and international firms shortlisted in the UK's competition for the best value SMR design. The company has reportedly submitted a detailed design for a 220 MW SMR power plant unit which could be doubled to 440 MW, drawing from its experience in supplying reactors for submarines.

SMR developers including Rolls-Royce, NuScale, Hitachi and Westinghouse held meetings with government officials in recent weeks and the government will "soon" announce a new shortlist of preferred proposals, the Telegraph reported.

The UK government launched its SMR design competition in March 2016, pledging to invest at least 250 million pounds in nuclear R&D over the next five years.

The first phase of the SMR competition in the summer of 2016 saw the government receive design proposals and gauge market interest among technology developers, utilities and potential investors. Since then, the government has provided little information on the next steps.

UK-based SMR developers predict major economic benefits and intellectual property gains for domestic suppliers if the UK government backs their designs, company executives said during a webinar held by Nuclear Energy Insider in August 2016.

Deployment of a UK-developed Small Modular Reactor (SMR) could support 40,000 jobs in the next 20 years and add 100 billion pounds to the UK economy in 2030-2050, David Orr, ‎Senior Vice President Nuclear at Rolls-Royce, told the webinar.

A sustainable SMR industry could provide a total benefit to the UK economy of around 188 billion pounds by 2121 and over half of this benefit could be generated in 2030-2050, Orr said. These projections are based on 7 GW of SMR new build in the UK and 9 GW of exports.

On September 5, U.S. developer NuScale launched a "UK SMR Action Plan" to show how it would partner with industry in order to enter the UK nuclear power market.

NuScale plans to build the U.S.' first SMR plant in Idaho by the mid-2020s and its UK venture could see UK companies provide "more than 85% of the content required for UK deployments," the company said in a statement.

Nuclear Energy Insider