As part of our work to define a set of overarching priorities for cybersecurity at nuclear facilities, the Nuclear Threat Initiative commissioned a series of short technical papers to outline areas that, if focused upon, would dramatically reduce the risk of damaging cyberattacks in this space. In December 2016, NTI published a report outlining four of these priorities and recommending first steps for achieving them.
This paper provides greater detail on one of those priorities, Reduce Complexity. Click here to view the paper in PDF form.
Cyber threats are increasingly one of the major threat
facing governments and industrial facility operators. One of the foundational
issues that makes protection from such attacks increasingly difficult is the
complexity of today’s networks and systems.
Driven by the auto industry in the early 1970s, digital automation of complex industrial environments started with comparatively simple digital devices capable of replacing hard-wired relay systems utilized on assembly lines. As much of the automotive process required annual changes, Programmable Logic Controllers (PLC) were used to modify configurations. Compelled by a desire for flexibility, initially simple systems became increasingly complex.
The subsequent rush to digitally automate everything from component creation to facility security created a culture of solution providers and systems integrators who, driven by an enthusiastic pursuit of efficiency gains and possessing a solid belief in latent capability as a hedge against future requirements, spread their message rapidly across multiple sectors including the nuclear sector.Significant benefits were realized through this digital expansion including reduced hardware, labor, wiring, and cabinet space, as well as quick process changes, and embedded system diagnostics. While digitization and increasing levels of complexity have brought many benefits, they also increasingly represent key challenges in ensuring that critical systems are resilient under cyberattack.