Korea Hydro & Nuclear Power Co., Ltd.

Cybersecurity Risk Management

Cybersecurity threat is one of the most critical situations that can place an entire organization at severe risk. In the winter of 2014, 400 emails containing malware were disseminated into the Kore Hydro & Nuclear Power Co., Ltd (KHNP) internal network. Four employees happened to open the email, upon which a cyberattack on the biggest national energy institution began. KHNP faced a critical situation where the hacker accessed the organization’s confidential materials through social media and ultimately threatened to explode its nuclear plants on Christmas day.
While KHNP issued red alerts to the government and related organizations, FleishmanHillard in Korea swiftly collaborated with Korea’s most prestigious cybersecurity expert to form a ‘D-24 Hours Action Plan’ and construct a counterstrategy with KHNP’s CEO, management, and employees. As a core strategy, KHNP’s safe operation and reputation protection was prioritized. This was achieved by re-framing the situation from a ‘Data Leakage’ to ‘Cyber Attack’ condition and establishing a control tower centered on a rapid response system.
Furthermore, KHNP spared no time in setting up a temporary media room to hold a press conference through which fast and accurate information was delivered. As a result, public and media criticisms and speculations were quickly resolved. In all, fast response saved KHNP from becoming an ‘incapable’ organization and affirmed it as an institution that stays ‘in command’ in critical situations.