Page Stoutland, Ph.D.
Consultant, Scientific and Technical Affairs
Transformative Guiding Principles for Implementing Cybersecurity at Nuclear Facilities
Michael Assante
Director of Industrial Control Systems, SANS Institute
Ensuring the security of nuclear facilities is a critical element in preventing theft of nuclear materials or sabotage that could result in a radiological release. While the international community has traditionally focused on improving physical security to prevent these outcomes by investing in the “guns, guards, and gates” trifecta, a newer threat has gained attention: the cyber threat. A cyber attack on a nuclear facility could have physical consequences leading to either an act of theft or sabotage—presenting new challenges to facility operators as well as national authorities. Given the increasing use of digital devices and communications for controls, safety, physical security, and supporting functions, it is expected that these challenges will only continue to grow. As the cyber threat becomes more pronounced, these challenges could undermine global confidence in nuclear energy as a safe and reliable resource.
The growing sophistication of cyber threats increasingly taxes the capabilities of governments, national regulators, and facility operators around the world, and necessary progress in this area requires a fresh look at the overarching framework that guides cybersecurity implementation at nuclear facilities. The current approach is one of incremental change that ultimately leads to insufficient security because it can neither keep pace with the threat nor address the ever-widening gap between attackers and defenders. A more effective approach, based on a set of high-level guiding principles, is critical to mitigating the risks associated with our reliance on digital technology. Over the last year, NTI has convened a diverse group of experts to develop a set of ambitious, forward-looking principles to guide cybersecurity at nuclear facilities. This paper will discuss the cyber threat to nuclear facilities, why the current approach is insufficient, and some broad suggestions and questions to consider as the international community moves forward in this area.
Download a PDF of the six-page paper.
Stay Informed
Sign up for our newsletter to get the latest on nuclear and biological threats.
The Cyber-Nuclear Threat
Nuclear and tech experts know that all digital systems are at risk for cyberattacks—including nuclear weapons systems.
Global Action on Cybersecurity at Nuclear Facilities: Moving Beyond the Status Quo
This paper by Michelle Nalabandian, Alexandra Van Dine, and Page Stoutland highlights steps governments can take to protect nuclear facilities from cyber threats.
After Stuxnet: Acknowledging the Cyber Threat to Nuclear Facilities
Report highlights the threat posed to nuclear facilities from cyber-attacks & the lack of adequate legal and institutional protections for such facilities.