Nuclear facilities at risk from hacking attacks
Report from Chatham House finds global nuclear industry is at increasing risk from cyberattacks
Increasing diplomatic tensions, rogue states and natural disasters are not the only dangers that could cause nuclear disasters; cybersecurity breaches are also a growing concern for nuclear facilities, a report from Chatham House has said.
The think tank launched an 18-month project and interviewed 30 industry figures as well as policy makers and academics and found that nuclear facilities are becoming more and more vulnerable to cyberattacks.
"The cybersecurity risk is growing as nuclear facilities become increasingly reliant on digital systems and make increasing use of commercial off-the-shelf software, which offers considerable cost savings but increases vulnerability to hacking attacks," the report said.
"The trend to digitisation, when combined with a lack of executive-level awareness of the risks involved, also means that nuclear plant personnel may not realise the full extent of this cyber vulnerability and are thus inadequately prepared to deal with potential attacks."
Cyberattacks on nuclear locations are not unheard of, with the Iranian Natanz nuclear enrichment facility and Bushehr nuclear power plant attacks in 2010 by the Stuxnet worm noted as the "most highly sophisticated publicly known" incident to date. The attacks "caused the partial destruction of around 1,000 centrifuges".
And today a number of players could pose a threat to the cybersecurity of nuclear locations, such a terrorists, radical anti-nuclear hackers and state-backed intelligence agencies, according to the think tank.
The report highlighted a number of reasons for the threat to the nuclear industry, including the isolation of the sector from other industries, which means it is hard for it to learn from other businesses "more advanced in this field".
A lack of regulatory standards, poor communication between cybersecurity personnel and nuclear plant staff and "insufficient" relevant training at nuclear facilities were also highlighted as reasons for concern.
In response to these risks, Chatham House outlined a number of recommendations including promoting cybersecurity insurance, introducing guidelines which measure risks, and increased funding for developing countries with nuclear plants.