Priorities for Cybersecurity at Nuclear Facilities

Challenge

Cyber threats to nuclear materials and nuclear facilities are becoming more sophisticated every day, and global capacity to address the threat is limited.

Action

Working with some of the world’s top experts as well as stakeholders to develop priorities for a new strategy to protect nuclear facilities from cyberattack.

Results

A set of ambitious, forward-leaning priorities and recommendations to dramatically reduce the risk of damaging cyberattacks on nuclear facilities, with further guidance to come.

What if a hacker shut down the security system at a nuclear materials storage facility, giving access to terrorists seeking highly enriched uranium to make a bomb? What if cyber-terrorists seized control of operations at a nuclear power plant--enabling a Fukushima-scale meltdown? Or what if a hacker group opposed to nuclear energy stole highly sensitive data from a nuclear facility and held it hostage until they were paid a ransom?

Traditional nuclear security practices have focused on preventing physical attacks—putting in place “guns, guards, and gates” to prevent the theft of materials to build a bomb and the sabotage of a nuclear facility. 

Governments and industry have made important progress in this "traditional" nuclear security arena, but the threat of a cyberattack is escalating, and all countries and all nuclear facilities are vulnerable. Malware already has been found in systems at facilities all over the world—in some cases, it was maliciously inserted; in others, it simply wound up there by accident

To assess the impact of the cyber threat on nuclear security and to contribute to efforts to get ahead of the threat, NTI convened an international group of technical and operational experts with backgrounds in computer security, nuclear safety systems, nuclear engineering, industrial control systems, and nuclear facility operations. The group concluded that the combination of extremely limited technical capacity in this area, the current practice of making incremental change, and the ever-evolving nature of offensive actors in cyberspace means there is a need to re-think the current approach to cybersecurity at nuclear facilities. 

NTI’s first milestone toward defining a new approach is a report from this expert group, Outpacing Cyber Threats: Priorities for Cybersecurity at Nuclear Facilities. Released in December 2016 on the margins of the International Atomic Energy Agency’s International Conference on Nuclear Security, the report outlines priorities and recommendations that would dramatically reduce the risk of damaging cyberattacks on nuclear facilities. The priorities are: Institutionalize Cybersecurity, Mount an Active Defense, Reduce Complexity, and Pursue Transformation.

Download a PDF of the report here. In the coming months, NTI will develop and publish additional, specific guidance on implementing each priority. 


Read More

Latest Activity

Nuclear Facilities Face Urgent, Evolving Cyber Threat

With cyber threats against nuclear facilities on the rise, governments, industry, and international organizations must accelerate efforts to protect against a cyberattack with catastrophic consequences, according to a new report from the Nuclear Threat Initiative (NTI), Outpacing Cyber Threats: Priorities for Cybersecurity at Nuclear Facilities, released at the IAEA International Conference on Nuclear Security in Vienna.

Related Content

Outpacing Cyber Threats Cover
Report

Outpacing Cyber Threats

Outpacing Cyber Threats: Priorities for Cybersecurity at Nuclear Facilities takes a fresh look at cybersecurity at nuclear facilities and offers a set of ambitious, forward-lean...

Read More