Ensuring the security of nuclear facilities is a critical element in preventing theft of nuclear materials or sabotage that could result in a radiological release. While the international community has traditionally focused on improving physical security to prevent these outcomes by investing in the “guns, guards, and gates” trifecta, a newer threat has gained attention: the cyber threat. A cyber attack on a nuclear facility could have physical consequences leading to either an act of theft or sabotage—presenting new challenges to facility operators as well as national authorities. Given the increasing use of digital devices and communications for controls, safety, physical security, and supporting functions, it is expected that these challenges will only continue to grow. As the cyber threat becomes more pronounced, these challenges could undermine global confidence in nuclear energy as a safe and reliable resource.
The growing sophistication of cyber threats increasingly taxes the capabilities of governments, national regulators, and facility operators around the world, and necessary progress in this area requires a fresh look at the overarching framework that guides cybersecurity implementation at nuclear facilities. The current approach is one of incremental change that ultimately leads to insufficient security because it can neither keep pace with the threat nor address the ever-widening gap between attackers and defenders. A more effective approach, based on a set of high-level guiding principles, is critical to mitigating the risks associated with our reliance on digital technology. Over the last year, NTI has convened a diverse group of experts to develop a set of ambitious, forward-looking principles to guide cybersecurity at nuclear facilities. This paper will discuss the cyber threat to nuclear facilities, why the current approach is insufficient, and some broad suggestions and questions to consider as the international community moves forward in this area.
Download a PDF of the six-page paper.