Japan, as a nation scarred by the legacy of the Fukushima disaster, takes nuclear safety very seriously. Recently a scandal emerged that officials from the Hamaoka nuclear power plant, midway between Tokyo and Osaka, had manipulated and fabricated tectonic safety data in order to expedite a government review. The plant, and the company that ran it, Chubu Electric, had cherry picked tectonic data to use as a basis for its safety tests – allowing it to come up with an almost entirely fabricated result.
Unsurprisingly, Japan’s Nuclear Regulation Authority has condemned this in the strongest possible terms and has proposed reviewing all of Chubu Electric’s safety data across its entire portfolio of plants.
It’s far from the first case of manipulated data compromising safety in the nuclear sector. In 2012, the Korea Hydroelectric and Nuclear Power corporation (KHNP) found that 7682 parts had been supplied to five of its nuclear power plants based on falsified test reports – totaling almost 2114 tests, or 0.7% of all equipment testing in the supply chain. This equipment was intended to form part of the safety and cooling systems for several reactors, meaning its failure at a critical point could have spelled disaster.
More recently, the Halden reactor in Norway, which was shut down in 2018, was found to have altered data numerous times in an effort that was described as “planned and well hidden”. Given this test reactor supplied information and results to numerous other reactors, these fabricated results could well have knock-on effects across the world.
Cases of fabricated, altered or forged data, as well as being potentially disastrous for public safety, cause real damage to public trust. Especially in the nuclear sector, where many communities and countries globally are wary of the technology, scandals like these will have significant commercial and regulatory implications – damaging the whole sector. Without clear and definite steps towards greater information security, the industry risks walking into these traps repeatedly.
Why data verification matters
To be clear, incidents of outright data tampering like these are still fairly rare – but the one thing they have in common is that many, if not most, of these incidents could have been prevented by a unified standard of data verification.
Ultimately, when verifying digital data – one needs to know four things:
- Authenticity – is the document genuine? Has it been certified and approved by the correct authorities using the correct procedures?
- Provenance – who created it, and when? Does the timestamp of the final document match when it was originally created?
- Integrity – has it been altered at any point? If it was certified as correct at a certain point in time, has it been changed since then?
- Chain-of-custody – has the document changed hands or been altered by a third party? Is the document the same at the point of receiving it than it was at the point of sending it?
Assurance on all these factors is vital for securing important documents. Without a way of reliably verifying all of them, organisations open themselves up to several problems. First and foremost among these are unintentional and accidental changes. A zero being accidentally deleted in the course of checking a document is a frequent consequence of human error, for example. Such errors can be compounded by the increasing use of AI systems for checking large data sets.
Secondly, the inability to verify data makes documents much more vulnerable to the kinds of intentional manipulation that has occurred in some high profile nuclear cases. Having a rigorous overview of changes, chain-of-custody, and provenance makes it much easier for regulators, managers, and other stakeholders to identify where problems or even fraud are taking place. Bear in mind that in most cases, any alleged fraud is only revealed years later, usually as a result of outside groups and whistleblowers – highlighting the difficulty of spotting these issues.
Thirdly, weak standards for data control and integrity leaves the door open for cybersecurity attacks that focus on subtly and harmfully manipulating internal data, a threat regulators have worried about for years.
It seems like a glaring omission that there is not a unified recognised standard for data integrity in the safety critical nuclear sector, especially between different jurisdictions. Indeed, across different countries there is a patchwork of regulations and standards that apply to data, but they often mandate the proper setups of computers as opposed to the verification and integrity of data itself.
In an increasingly globalised world, and one that is seeing the startling increase of AI-powered forgery tools, this represents an urgent problem and one that could have wide effects across the sector.
How the industry should respond
In the wake of these data control scandals, it’s becoming increasingly clear that a lack of a unified, widely recognised standard for data verification is an ever-widening vulnerability. To redress this, organisations can and should adopt technologies that not only provide assurance across those four factors but could be independently verified across different jurisdictions.
One such technology is the Blockchain. Once used mainly for cryptocurrency, its nature as a publicly accessible, secure and private ledger of information and transactions gives it significant advantages as a method for verifying data integrity. No sensitive information needs to be placed on the public ledger – the unique, fixed-length string of alphanumeric characters known as a hash act as a digital fingerprint for data and can be independently verified using tools already available on the market. This creates an effective and immutable audit trail. Furthermore, these standards can be used across borders and institutions, allowing it to become a better way of elmininating differences between jurisdictions.
A blockchain-based data integrity standard would mean that regulators, organisations and managers can identify data integrity issues much more easily. Such a system could also act as a quicker and more adaptable response to data manipulation and a significant disincentive to further reputationally damaging scandals in the future.
Independently of which technology is used, however, it is inarguable that the nuclear sector will face a fatal credibility crisis if these scandals keep piling up. Without a water-tight way of ensuring data manipulation is spotted quickly, not only is the public safety put at risk, but that of the sector more broadly. A widely used and verifiable standard for data verification in the nuclear industry is well overdue.
