Cyber-attack on Power Grid Paralysis

Cyber Attacks on the Power Grid: The Specter of Total Paralysis

Posted in General Security, Hacking, Incident Response on July 27, 2015

The Incidents

Imagine that one day you wake up and trading is halted on the New York Stock Exchange (NYSE) floor; meanwhile systems at United Airlines and the Wall Street Journal newspaper appear out of order.

It is not a scene from a movie; it happened on July 8, when trading at the NYSE stopped around 11:30 a.m. ET.

According to the media, the temporary interruption of the services mentioned was a fateful coincidence and the events are unrelated, but the incidents have once again raised the question of how secure critical infrastructure really is.

White House spokesperson Josh Earnest confirmed that the incidents weren’t caused by cyber-attacks. President Obama had been briefed on the glitch at NYSE by White House counterterrorism and Homeland Security adviser Lisa Monaco as well as Chief of Staff Denis McDonough.

“It appears from what we know at this stage that the malfunctions at United and at the stock exchange were not the result of any nefarious actor,” said Department of Homeland Security Secretary Jeh Johnson. “We know less about the Wall Street Journal at this point except that their system is back up again as is the United Airline system.”

What is the impact of a cyber-attack on critical infrastructure? Is critical infrastructure actually secure?

A major attack on a critical infrastructure like a power grid would cause chaos in the country by interrupting vital services for the population.

The current scenario

The Stock Exchange, transportation, and media are critical to the infrastructure of a country. A simultaneous failure of these systems could cause serious problems for the nation, especially when the incident is caused by a cyber-attack.

“I think the Wall Street Journal piece is connected to people flooding their web site in response to the New York Exchange to find out what’s going on.” FBI Director James Comey told the Senate Intelligence committee. “In my business we don’t love coincidences, but it does appear that there is not a cyber-intrusion involved.”

Sen. Bill Nelson, D-FL, the top Democrat on the cyber-security subcommittee, told Fox News that the NYSE incident has “the appearance” of a cyber-attack and noted the coordination of multiple sites.

Thus far, the temporary outages at the New York Stock Exchange, United Airlines and the Wall Street Journal’s website were the result of tech glitches, but we have to consider that US infrastructure remains vulnerable to cyber-attacks that would cause serious problems and would be costly.

To compound the scenario, there is the rapid increase in the number of cyber-attacks, at least of those we fail to detect, and in their complexity.

The DHS’s Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) has issued its new ICS-CERT MONITOR report covering the period September 2014 – February 2015.

According to the report, ICS-CERT received and responded to 245 incidents in Fiscal Year 2014. More than half of the incidents reported by asset owners and industry partners involved sophisticated APT. ICS/SCADA systems were also targeted by other categories of threat actors, including cyber criminals, insider threats and hacktivists.

“Of the total number of incidents reported to ICS-CERT, roughly 55 percent involved advanced persistent threats (APT) or sophisticated actors. Other actor types included hacktivists, insider threats, and criminals. In many cases, the threat actors were unknown due to a lack of attributional data.” states the report.

Analyzing the incidents reported by sector, the majority of the attacks involved entities in the Energy Sector, followed by Critical Manufacturing. About 30 percent of the incidents hit infrastructure in the energy sector, while Critical Manufacturing (i.e. manufacturing of vehicles and aviation and aerospace components) accounted for 27 percent.

The threat actors used a significant number of zero-day vulnerabilities to compromise industrial control systems through the exploitation of web application flaws.

The most common flaws exploited by attackers include authentication, buffer overflow, and denial-of-service.

“Noteworthy among ICS-CERT’s activities included the multi-vendor coordination that was conducted for the “Heartbleed” OpenSSL vulnerability. The team worked with the ICS vendor community to release multiple advisories, in addition to conducting briefings and webinars in an effort to raise awareness of the vulnerability and the mitigation strategies for preventing exploitation,” states the ICS-CERT report, explaining the coordination activities undertaken by the agency to address the principal vulnerabilities.

The ICS-CERT MONITOR report confirmed that the attackers used a vast range of methods for attempting to compromise control systems infrastructure, including:

Figure 1 – ICS-CERT Attack Methods

Unfortunately, it is quite difficult to attribute an incident to a specific threat actor. In the majority of cases, these offensives have gone under the radar over the years due to the high level of sophistication of the Tactics, Techniques, and Procedures (TTPs).

The victims were not able to identify the threat actors, nor, for 38 percent of the reported incidents, the attack vector exploited by the hackers.

“Many more incidents occur in critical infrastructure that go unreported,” states the ICS-CERT MONITOR report. “Forensic evidence did not point to a method used for intrusion because of a lack of detection and monitoring capabilities within the compromised network”.

US power grid vulnerable to cyber attacks

The US power grid is a privileged target for various categories of attackers: terrorists, cyber criminals, and state-sponsored hackers. Daily, they threaten the backbone of American society. Security experts and US politicians are aware that the national power grid is vulnerable to a terrorist attack.

“It’s possible; and whether it’s likely to happen soon remains to be seen,” explained former Secretary of Defense William Cohen on “The Steve Malzberg Show.”

Attackers have several options to hit a power grid, from a cyber-attack on SCADA systems to an EMP attack, according to Cohen.

“You can do it through cyber-attacks, and that’s the real threat coming up as well. We have to look at cyber-attacks being able to shut down our power grid, which you have to remember is in the private sector’s hands, not the government’s. And we’re vulnerable,” Cohen added. “It’s possible and whether it’s likely to happen soon remains to be seen.”

“That’s because the technology continues to expand and terrorism has become democratized. Many, many people across the globe now have access to information that allows them to be able to put together a very destructive means of carrying out their terrorist plans. We’re better at detecting than we were in the past. We’re much more focused in integrating and sharing the information that we have, but we’re still vulnerable and we’ll continue to be vulnerable as long as groups can operate either on the margins or covertly to build these kind of campaigns of terror.” said Cohen.

Former Department of Homeland Security Secretary Janet Napolitano shared Cohen’s concerns: a major cyber-attack on the power grid was a matter of “when,” not “if.”

State-sponsored hackers and cyber terrorists are the main threat actors, but, as confirmed by recent research conducted by TrendMicro, cybercrime also represents a serious menace.

Former senior CIA analyst and EMP Task Force On National Homeland Security Director, Dr. Peter Vincent Pry, told Newsmax TV that a cyber attack against the power grid could cause serious destruction and loss of life.

It is not only the US power grid that is under attack. In January 2015, the British Parliament revealed that the UK power grid is under cyber-attack from foreign hackers, but the emergency is for critical infrastructure worldwide.

Figure 2 – SCADA control room

Arbuthnot confirmed the incessant attacks on national critical infrastructure and he doesn’t exclude a major incident, despite the enormous effort spent at the National Grid.

“Our National Grid is coming under cyber-attack not just day-by-day but minute-by-minute,” Arbuthnot, whose committee scrutinized the country’s security policy, told a conference in London last year. “There are, at National Grid, people of very high quality who recognize the risks that these attacks pose, and who are fighting them off,” he said, “but we can’t expect them to win forever.”

The power grid is a vital system for our society and the cyber strategy of every government must consider its protection a high priority; a terror attack would leave entire countries sitting in the dark.

A hypothetical attack scenario and estimation of the losses

What will happen in case of a cyber-attack on critical infrastructure in the US? What is the economic impact of a cyber-attack against a power grid?

According to a poll conducted by researchers at the Morning Consult firm from May 29 to May 31, cyber-attacks are just behind terrorism attacks on the list of biggest threats to the US. The research allowed the experts to estimate that the insurance industry could face losses of about $21 billion. That poll was conducted by interviewing a national sample of 2,173 registered voters.

Nearly 36 percent of voters consider acts of terrorism at the top of a list of major security threats, followed by cyber-attacks at 32 percent.

Figure 3 – Morning Consult firm poll results

Lloyd’s of London has conducted a very interesting study, Business Blackout, that describes the impacts of a cyber-attack on the national power grid.

It is the first time that the insurance industry has produced a report of this kind. Obviously, the estimates provided are merely indicative due to the large number of factors that can influence the costs.

According to the report prepared by Lloyd’s of London in a joint effort with the University of Cambridge’s Centre for Risk Studies, cyber-attacks would have a catastrophic impact on multiple types of insurance.

The attack scenario described by Business Blackout illustrates the effects of a malware-based attack on systems that control the national power grid. The attack causes an electrical blackout that plunges 15 US states and principal cities, including New York City and Washington DC, into darkness. Nearly 93 million people will remain without power in the scenario hypothesized by the study.

The attackers spread the ‘Erebos’ Trojan through the network with the effect of compromising the electricity generation control rooms in several locations in the Northeastern United States.

According to the researchers, the attack will cause health and safety systems to fail, disrupting water supplies as electric pumps fail. Chaos will reign, causing the failure of main services, including transportation. The malware is able to infect the Internet, and to search for and compromise 50 generators that it will destroy, causing prolonged outages in the region.

The total of claims paid by the insurance industry has been estimated at between $21.4b and $71.1b, depending on the evolution of the scenarios designed by the researchers.

The researchers involved in the simulation have calculated the economic losses could range from $243 million to $1 trillion, depending on the number of components in the power grid compromised by the attack.

“Economic impacts include direct damage to assets and infrastructure, decline in sales revenue to electricity supply companies, loss of sales revenue to business and disruption to the supply chain. The total impact to the US economy is estimated at $243bn, rising to more than $1trn in the most extreme version of the scenario.” states the report.

The experts analyzed the historical outages, estimating that currently the power interruptions, most of which last five minutes or less, already cost the US about $96 billion. The cost related to a prolonged outage is likely to be in the range of $36 billion to $156 billion. The commercial and industrial sectors are the sectors most impacted by the attack on the power grid due to their dependency on the electricity supply.

“Evidence from historical outages and indicative modelling suggests that power interruptions already cost the US economy roughly $96bn annually. However, uncertainty and sensitivity analysis suggest this figure may range from $36b to $156b,” continues the report. “Currently over 95% of outage costs are borne by the commercial and industrial sectors due to the high dependence on electricity as an input factor of production.”

As explained in the report, it is important to identify the risks related to a possible cyber-attack and adopt all the necessary measures to mitigate them. The protection of critical infrastructure like a power grid is an essential part of the cyber strategy of any Government.

Russia Propaganda at Work Blaming MH17 on U.S.

Not all propaganda is created equal. For every piece of elegantly crafted misinformation meant to sway hearts and minds, there is spin so poorly produced that it borders on the absurd. Case in point, a comically bad audio recording released by the Russian tabloid Komsomolskaya Pravda on Wednesday of two alleged CIA agents conspiring to bring down Malaysia Airlines Flight MH17, which crashed in eastern Ukraine on July 17, 2014.

Complete with stilted greetings and cumbersome dialogue that sounds like both men are reading from a script, the recording opens with a series of conversations between the two alleged spies, identified as David Hamilton and David L. Stern. Throughout the recording, they discuss “preparations” for an operation that involves shooting down a plane with a surface-to-air missile and an eventual Plan B, which involves placing a bomb inside the plane — all for the purpose of staging a crash to discredit Russian-backed separatists in Ukraine and the Kremlin itself.

But you don’t have to listen long to question the recording’s authenticity. The men’s accents are curious to say the least. One sounds British for half the recording until he switches to a more American accent. The other man does his best to hide his Russian accent, but it pops up at the beginning as he clumsily asks his co-conspirator, “How are the preparations?” But the most glaring hole is in the conversation itself. The men do not talk with each other like native English speakers and use turns of phrase that sound as if their dialogue was translated to English from Russian via Google Translate. Before signing off, the two say “Luck!” to each other, a common farewell in Russian.


Conspiracy theories and propaganda of this magnitude are hardly new when it comes to the downing of MH17, which killed all 298 people on board. Immediately following the crash in July 2014, Ukraine and the West accused pro-Russia separatists of shooting down the plane with a Buk surface-to-air missile, which they say was likely supplied by Moscow.

Initially, Russian officials said the passenger plane was shot down by a Ukrainian Su-25 fighter jet. On July 21, 2014, Russia’s Defense Ministry hosted a press conference and presented radar data that allegedly showed another aircraft near MH17 before it was shot down. The Russian Union of Engineers said wreckage indicated the plane was destroyed by heat-seeking air-to-air missiles. Russian media then gave heavy attention to a man claiming to be a Spanish air traffic controller in Kiev who said that two Ukrainian fighter jets had followed the airliner. After the Spanish controller was discredited, the Kremlin switched to a new theory — that the plane was hit by a missile launched from Ukrainian territory and fired by troops loyal to Kiev.

The latest theory coming out of the Russian media, and supposedly reinforced by the new recording, is that a bomb was detonated within the airliner and planted by Western agents. “It really doesn’t make any sense,” Eliot Higgins, the founder of Bellingcat, an open source investigative journalism network, told Foreign Policy. Higgins and his team at Bellingcat have been debunking Russian theories around MH17 for over a year using open source information — geolocating social media posts and videos and using satellite imagery to trace the movements of the Buk missile launcher seen in the area before and after the plane was shot down. Based on Bellingcat’s research, Higgins believes that MH17 was most likely shot down by a Buk missile fired by Russia-backed separatists. “No other scenario has the same degree of evidence.”

Still, the case is far from closed on MH17. The Joint Investigation Team, which comprises representatives from several countries, and the Dutch Safety Board are working on separate investigations into what downed the passenger plane. Dutch investigators said Tuesday that fragments of a suspected Russian missile system were found at the crash site in Ukraine. In a joint statement following the new evidence, the JIT and Dutch Safety Board cautiously said that “the parts are of particular interest to the criminal investigation as they can possibly provide more information about who was involved in the crash of MH17.”

A report by the Dutch Safety Board into the cause of the crash is expected by the end of October, while the separate international criminal investigation is likely to take several more months to complete.

On July 29, Russia vetoed a United Nations Security Council draft resolution — introduced by Malaysia — that would have set up an international tribunal to prosecute those suspected of downing the passenger plane. Moscow said the measure was a biased and politically motivated propaganda move to implicate the Kremlin or the Russia-backed Ukrainian separatists.

America has Been Latinized

Census: Record 42.1 million immigrants in U.S., Mexicans drive latest surge

by Paul Bedard

A new analysis of legal and illegal immigrant counts by the Census Bureau revealed Thursday that there is a record 42.1 million in the United States, an explosion that is being driven by Mexicans flooding across the border.

In a report provided to Secrets by the Center for Immigration Studies, the total immigrant population surged 1.7 million since 2014. The growth was led in the last year by an additional 740,000 Mexican immigrants.

The 42.1 million tabulated by Census in the second quarter represent over 13 percent of the U.S. population, the biggest percentage in 105 years.

What’s more, the number of immigrants coming and going from the U.S. is actually higher since many return home every year, said the report. “For the immigrant population to increase by one million means that significantly more than one million new immigrants must enter the country because some immigrants already here return to their homeland each year and natural mortality totals 250,000 annually,” said the Center.

The stunning growth is sure to pour fuel on the already white-hot immigration debate in Congress and on the presidential campaign trail.

“Illegal immigration came up in the presidential debates, but there has been little discussion of the level of immigration; this at a time when total immigration is surging according to the latest data,” said Steven Camarota, co-author of the report and the Center for Immigration’s director of research.

“The rapid growth in the immigrant population was foreseeable given the cutbacks in enforcement, our expansive legal immigration system, and the improvement in the economy. But the question remains, is it in the nation’s interest?” he added.

Some key findings in the new report:

• The nation’s immigrant or foreign-born population, which includes legal and illegal immigrants, grew by 4.1 million from the second quarter of 2011 to the second quarter of 2015 — 1.7 million in just the last year.

• Growth in the last year was led by a rebound in the number of Mexican immigrants, which increased by 740,000 from 2014 to 2015 — accounting for 44 percent of the increase in the total immigrant population in the last year.

• The total Mexican immigrant population (legal and illegal) reached 12.1 million in the second quarter of 2015 — the highest quarterly total ever.

• The Department of Homeland Security and other researchers have estimated that eight in 10 illegal immigrants are from Mexico and Latin America, so the increase in immigrants from these countries is an indication that illegal immigration has begun growing again.

Much of the new immigration is due to the explosion of green cards and the flood of younger Latin Americans leaving troubled situations back home.

Many companies, meanwhile, are taking advantage of the immigrants and replacing higher paid Americans with cheaper immigrant labor, even in skilled jobs.

Polls, meanwhile, show that the public wants action to stop the surge of illegal immigrants, an issue picked up by some of the Republicans running for president such as Sen. Ted Cruz and Donald Trump.

Additional numbers assessments and trends:

When it comes to the U.S. population, the “mainstream” is shifting from white to multicultural. In 1980, the U.S. was 80% white/non-multicultural. By 2012, that proportion had decreased to 64%. And in the years to come, the multicultural, non-white population will account for larger and larger percentages of the population.

Multicultural America is becoming more Latino. Hispanics, African-Americans, and Asians represented just 20% of the population in 1980. By 2012, that percentage nearly doubled to 36%. Over that more than twenty year period, Hispanics have grown to represent a much larger proportion of the multicultural population. They were 32% of the multicultural segment in 1980 — and grew to 47% in 2012.

By 2050, there will be as many young Latinos in the U.S. as white non-Hispanics. Unlike waves of past immigrants, Hispanics will grow to be equal in size to the host population. In 1980, non-Hispanic whites were 74% of the under-18 population and Hispanics were 9%. By 2050, the two groups will be even, with both projected to represent 36% of the population under 18.

Already, Hispanics are the engine of growth for the 18-34 demographic. From 2015 to 2020, Hispanics 18-34 are projected to increase by over 1.8 million. Over that same period for that age group, non-Hispanic whites will decrease in size by nearly 1.3 million. Blacks and Asians will also grow – but on a much smaller scale (by 84,000 and 267,000, respectively).

The youth population is very Latino. Today, Hispanics represent more than 1 in 5 people under 35. And that proportion rises when it comes to the very young: Latinos account for almost 1 in 4 births in the U.S.

Growth fueled by the second generation. Hispanic population increases are expected to come from immigration and births in the US — but the majority will come from US births. The Census projects that from 2012 to 2050, the US-born Hispanic population will increase at 5 times the rate of foreign-born Hispanics. And while today the US-born group is about 65% larger than foreign-born, in 2050 there will be nearly 4 times more US-born Hispanics than foreign-born.

The second generation is already taking over the 18-34 demographic – and the pace is only going to pick up. Hispanics 18-24 skew heavily US-born, while more than half of 25-29s and 30-34s are foreign-born. By 2020, 85% of 18-24s and 61% of 25-29s will be US-born (and 30-34s will still be more foreign-born, at 55%).

A mega wave of second-generation Latinos is heading into the key advertiser demos. More than 90% of Hispanic kids under 11 were born in the US – and 6 million of them are second generation. As they get older, they will shape the market in new ways. Every year, nearly 550,000 second-generation Latinos are entering the teen demographic.

Hillary Email Server Timeline and Facts

Like everyone else, tracking the pieces of this scandal takes imagination and could require a spreadsheet that includes names and dates. So, below will be some facts and dates and for sure could be amended as more developments are realized.

1. Bill Clinton had/has his own server dedicated to Clinton business, Foundation operations and speeches.

2. Hillary needed an IT based system during the time she was running for president in 2008, could not use the existing server due to capacity limitations, so she bought yet another which came with an IT person.

3. Server 2 was installed in the basement of the Chappaqua home and managed by a person listed as Eric Hoteham. Likely the real name is Eric Hothem, who was a DC stockbroker and a Democrat fundraiser that worked for Bill. Eric was also an aide to Hillary during her time as First Lady.

4. Several email addresses were created on the 2nd server where they had some numbers assigned like [email protected]. Several identified run from 18-22, but that leads to a question: ‘were there email addresses created 1-17?’ There is also a strange email address on the server known as [email protected]. It should be noted that Guccifer hacked the email address of hdr22.

5. Hillary used several communications devices: a Blackberry which is government issued, an iPad and an iPhone. Questions include, were any of these fitted with encryption features, including her server(s)? So far that answer is no.

6. In the handful of emails released to date as required by the Judge via the State Department, Hillary did not know how to use email and there was a time when the server was down which caused issues for Huma Abedin.

7. In June of 2013, the Hillary team went to an outside IT provider known as Platte River, located in Denver. All electronic communications were moved to Platte River and the Hillary server was moved to a data center in New Jersey and subsequently wiped clean. Now the question is: was the Denver IT company Platte River providing redundant services and/or an encryption platform to protect classified data for the emails? So far the company is not responding to media questions. The decision to transfer the server services was at the same time the emails that included Sidney Blumenthal were hacked by Guccifer.

8. Two weeks ago, the FBI made a call to Platte River to determine the basis of their work for the Hillary communications platform. On Thursday of last week, Hillary’s lawyer, David Kendall, surrendered the 3 thumb drives to the FBI. On Wednesday of this week, the FBI took control of the server located in New Jersey.

9. Two of the 4 recent emails in question, marked with top secret classifications due in part to the geo-spatial information they included, were sent via a compartmentalized system to the State Department. From the State Dept., they were then removed from the protected compartmentalized system and sent to the uncertified Hillary system. All the top secret designations were removed, which is a felony.

10. David Kendall, the Hillary lawyer who maintained the 3 thumb drives, was also the lawyer of record for General David Petraeus during his email investigation.

11. All of government uses the same ‘sensitive compartmented information’ security procedures and there is a manual.

12. Additional details on Hillary email server scandals can be found here.

13. Hillary Clinton statements on the email scandals proving the lies so far.

14. Wrap up to date on the server and the law.

15. Huma Abedin, Hillary’s personal aide and confidant, has lawyered up with Karen Dunn on two fronts, the overpayment of $10,000 and for the email scandals.

16. In a recent batch of Hillary emails released was an inquiry about a book describing how to delete emails and the consequences that could result in a jail term.

N. Korea Increasing Uranium Production and Weapons Stockpiles For Iran?

A central plank of the Obama administration’s case for the nuclear deal just concluded by the P5+1 powers is that the agreement closes off “all pathways” by which the Iranian regime could acquire a nuclear capability, at least for the coming decade.

That, however, simply isn’t true. The Joint Comprehensive Plan of Action (JCPOA), as the new nuclear bargain is officially called, only addresses the overt means by which Iran might go nuclear. A covert path to the bomb, entailing the procurement of materiel from foreign suppliers, still remains open to Iran, if it chooses to take that route. If it does, the Islamic Republic will invariably look to Asia. That’s because over the past three decades, Iran and the Stalinist regime of the Kim dynasty in North Korea have erected a formidable alliance—the centerpiece of which is cooperation on nuclear and ballistic-missile capabilities.

As long ago as 1985, the two countries had already launched cooperative missile development, with Iran helping to underwrite North Korea’s production of 300-kilometer-range Scud-B missiles. Their interaction expanded in the 1990s, when Iran and North Korea began joint development of Iran’s Shahab medium-range missile, which is closely based on North Korea’s own nuclear-capable No Dong. More details here.

Recent Imagery Suggests Increased Uranium Production in North Korea, Probably for Expanding Nuclear Weapons Stockpile and Reactor Fuel

Summary

North Korea is expanding its capacity to mine and mill natural uranium. Recent commercial satellite imagery shows that, over the past year, Pyongyang has begun to refurbish a major mill located near Pyongsan that turns uranium ore into yellowcake.[1] The renovation suggests that North Korea is preparing to expand the production of uranium from a nearby mine.

The question is: What will North Korea do with this uranium? One possibility is that North Korea will enrich the uranium to expand its stockpile of nuclear weapons. Another is that Pyongyang plans to produce fuel for the Experimental Light Water Reactor under construction at its Yongbyon nuclear scientific research facility as well as future light-water reactors based on that model.

A major challenge in estimating the size of North Korea’s nuclear weapons stockpile is uncertainty about whether Pyongyang has additional centrifuge facilities for enriching uranium. While such facilities may be hard to detect, the expansion of mining and milling near Pyongsan may allow observers to estimate the size of North Korea’s enrichment infrastructure based on its demand for uranium. Closer scrutiny of North Korea’s uranium resources, including its other declared mines and mills as well as suspected sites, may help arrive at more accurate estimates of this key capability.

North Korea’s Uranium Infrastructure

While wonks have turned their pointy heads toward North Korea’s nuclear reactors, reprocessing facility and enrichment capabilities, all of these capabilities depend on a supply of natural uranium. Uranium, whether natural or enriched, is the essential fuel for nuclear reactors that produce plutonium and can also be enriched to produce nuclear weapons.

The North Koreans like to brag about how much uranium they have. One North Korean publication described the DPRK’s uranium resources as “infinite.” And poor Andrea Berger, a non-proliferation expert at the Royal United Services Institute in London, even got a lecture on the subject from a North Korean official.

As it turns out, though, North Korea’s uranium resources are probably paltry, which means that we may be able to locate and monitor a relatively small number of sites. That, in turn could help us get a better grip on the North’s ability to produce reactor fuel and bombs. Thanks to the collapse of the Soviet Union, scholars now have access to internal Soviet and Warsaw Pact documents describing North Korea’s efforts to seek assistance in developing its uranium resources.

North Korea asked the Soviet Union for help in the field of uranium prospecting as early as 1948. The request is described in an internal Soviet memo, translated by the Wilson Center’s North Korea International Documentation Project, which suggests such prospecting be postponed.[2] North Korea kept bugging the Soviets, though. By the early 1960s, the Soviets had completed a survey, but concluded North Korean uranium deposits were too poor for exploitation. Two Soviet specialists told their Ambassador in Pyongyang: “Korean uranium ore is not rich and is very scarce. The mining and processing of such ore will be extremely expensive for the Koreans.”[3] As it turns out, the North Koreans didn’t care that the uranium was extremely expensive. If you wonder whether Kim Il Sung wanted a bomb or not, his abiding interest in a domestic source of uranium at any cost is a hint.

The memos also include technical information. One memo, reporting on a 1979 North Korean effort to acquire uranium mining equipment from Czechoslovakia (hey, remember Czechoslovakia?) states: “[T]he DPRK has two important uranium quarries. In one of these two places, the uranium content of the ore is 0.26 percent, while in the other it is 0.086 percent.”[4] Based on other information released by the Soviet Union, it appears these mines are near Pakchon and Pyongsan, with Pyongsan likely having the higher quality ore.[5] In 1985, the North Koreans were still pressing the Soviets to speed up prospecting for new sources of ore.

In 1992, the DPRK declared, as part of its Comprehensive Safeguards Agreement with the International Atomic Energy Agency (IAEA), two uranium mines (the Wolbisan Uranium Mine and the Pyongsan Uranium Mine) and two mills for concentration (the Pakchon Uranium Concentrate Pilot Plant and the Pyongsan Uranium Concentrate Plant). While there are naturally questions about whether this declaration was complete, the claim of two uranium mines appears consistent with the Soviet surveys.

The IAEA also released videos of Hans Blix, the former Swedish Foreign Minister and then the head of the international organization, visiting both mills. I was able to use the videos to locate both mills and, as best I can tell, the location of these sites was not in the public domain until now:

  • Pakchon Uranium Concentrate Pilot Plant (39°42’34.73″N, 125°34’8.57″E)
  • Pyongsan Uranium Concentrate Plant (38°19’4.56″N, 126°25’57.43″E)

Figure 1. North Korea’s Uranium Concentrate Plants.

Image: Google Earth.

Figure 2. Overview of the Pyongsan Uranium Mine and Uranium Concentration Plant.

Image includes material Pleiades © CNES 2015. Distribution Airbus DS / Spot Image, all rights reserved. For media licensing options, please contact thirtyeightnorth@gmail.com.

Pyongsan Uranium Mine and Mill

Pyongsan is believed to be the most important uranium mine and mill in North Korea. (The other mill, near Pakchon, was described as a pilot facility.) Commercial satellite imagery from Digital Globe and Airbus Defense and Space show the layout of the mine and mill that turns uranium ore into yellowcake. The mine is connected to the mill by a conveyor belt that brings uranium ore into the mill for processing. The various structures within the mill are connected to one another, allowing the uranium to be processed in stages (see figure 2 for a schematic of a typical mill). Finally, the mill is connected to a large pond where tailings are dumped.

Figure 3. Schematic of a typical mill.

Photo: Energy Information Administration.

While North Korea has operated the facility intermittently over the past decade, new spoil and tailings appeared sometime between 2006 and 2011, suggesting that the North resumed uranium mining and milling during that period after what appears to have been a lull of many years. This uranium may have been fabricated into new fuel rods for the 5 MWe gas graphite reactor. North Korea had only 2,500 fresh fuel rods for this reactor—less than a third of a full load. (North Korea also had 12,000 rods that had been fabricated for the never-completed 50 MWth reactor, which could be converted into reactor fuel.) The uranium might also have been converted into uranium hexafluoride (UF6) that could be enriched to build nuclear weapons, either at the enrichment plant that the North constructed and revealed to Americans visiting Yongbyon in 2010 or at a covert site. Based on the size of the spoil pile and the tailings, it may be possible to make a rough estimate of how much uranium was recovered, but this estimate would be very approximate. However, North Korea seems to be mining more uranium to meet what may be increasing needs for fuel or bombs.

Many more details here with satellite imagery.

Conclusion

Pyongyang appears to be modernizing a key facility associated with the production of uranium yellowcake. This suggests that North Korea intends to mine and mill a significant amount of uranium that could serve as fuel for expanding its nuclear weapons stockpile, as well as for providing fuel for future light-water reactors that may be in the planning phase. Mapping and monitoring North Korea’s infrastructure for producing uranium can help estimate the size of North Korea’s uranium enrichment program, which is otherwise shrouded in secrecy.