A report from the think tank Chatham House, which involved 18 months of research, concludes that nuclear power plants around the globe are vulnerable to cyber-attacks and that the risk of cyber-oriented plant disasters is increasing.
The study says that cyber-security at some nuclear power facilities is so lax that they rely on factory-set passwords, such as 1234, to gain access. It also says that nuclear facilities are not isolated from the outside world, just because they are not hooked into the Internet. A virus can find its way to a nuclear power plant through a flash drive or a laptop computer. In addition, the report says, many nuclear facilities are “insecure by design,” simply because, due to their age, they were designed before cyber-threats were a major concern.
The report says even a seemingly insignificant breach of cyber-security could have devastating consequences for both the public and the future of the civil nuclear industry.
The industry makes it known that nuclear plant computers are isolated from the public. However, “nothing more than a flash drive,” could dispel that claim, according to the report.
Moreover, while both state-sponsored and domestic cyber-attacks are growing in number, the nuclear power industry's cyber-isolation also works against it. First, “the infrequency of cyber-security incident disclosure at nuclear facilities makes it difficult to assess the true extent of the problem,” the report says. This, says the report, could give the industry a false sense of security. “Moreover, limited collaboration with other industries or information-sharing means that the nuclear industry tends not to learn from other industries that are more advanced in this field,” according to the report.
The industry, straight through to policy makers, is certainly aware the risks are out there. The Director of the International Atomic Energy Agency Yukiya Amano in June acknowledged that nuclear power plants and nuclear fuel processing plants were subjected to both random and intentional cyber-attacks.
But the Chatham House report calls for increased international cooperation and focused leadership. “The cybersecurity threat requires an organizational response by the civil nuclear sector, which includes, by necessity, knowledgeable leadership at the highest levels, and dynamic contributions by management, staff and the wider community of stakeholders, including members of the security and safety communities,” the report says.
Anonymous comments will be moderated. Join for free and post now!