Technical Paper: Institutionalizing Cybersecurity at Nuclear Facilities

As part of our work to define a set of overarching priorities for cybersecurity at nuclear facilities, the Nuclear Threat Initiative commissioned a series of short technical papers to outline areas that, if focused upon, would dramatically reduce the risk of damaging cyberattacks in this space. In December 2016, NTI published a report outlining four of these priorities and recommending first steps for achieving them.

This paper, written by Anna Ellis of Indigon Consulting, provides greater detail on one of those priorities, Institutionalize Cybersecurity. Click here to view the paper in PDF form.

Introduction

There have been a number of recent cyberattacks on critical infrastructure, including nuclear facilities, which have demonstrated publicly that the cyber threat to nuclear facilities is real. Adversaries now have the ability to carry out such attacks, and incremental improvements in defenses are unlikely to be sufficient to ensure that an attack by a determined, adaptive adversary would fail.

While existing security procedures are largely effective against generic attacks and amateur hackers—the threat of greatest concern is that posed by organized, determined groups that may target specific facilities. Nation states and state-sponsored groups are developing ever more powerful cyber weapons and terrorist organizations are also becoming increasingly capable of launching damaging attacks.

For nuclear facilities in particular, a successful cyber-attack, especially if blended with a physical attack, could result in a catastrophic radiation release with serious consequences for surrounding communities. 
December 7, 2016
About

This paper provides detail on institutionalizing cybersecurity at nuclear facilities.