Addressing Cyber-Nuclear Security Threats


What if a hacker shut down the security system at a highly sensitive nuclear materials storage facility, giving access to terrorists seeking highly enriched uranium to make a bomb?

Challenge

Cyber threats to nuclear materials, nuclear facilities and nuclear command, control and communications are becoming more sophisticated every day, and the global technical capacity to address the threat is limited.

Action

Working with some of the world’s top experts as well as stakeholders to develop forward-looking approaches to and guidelines to protect nuclear facilities from cyber attack.

Results

Two significant studies assessing cybersecurity practices at nuclear facilities and offering recommendations for improvement; ongoing efforts to strengthen cyber-nuclear security and response capabilities.

What if a hacker shut down the security system at a highly sensitive nuclear materials storage facility, giving access to terrorists seeking highly enriched uranium to make a bomb? What if cyber-terrorists seized control of operations at a nuclear power plant–enabling a Fukushima-scale meltdown? Or, worse, what if hackers spoofed a nuclear missile attack, forcing a miscalculated retaliatory strike that could kill millions?

The cyber threat affects nuclear risks in at least two ways: It can be used to undermine the security of nuclear materials and facility operations, and it can compromise nuclear command and control systems.

Traditional nuclear security practices have been focused on preventing physical attacks—putting in place “guns, guards, and gates” to prevent 1) theft of materials to build a bomb, 2) sabotage of a nuclear facility, or 3) unauthorized access of nuclear command, control, and communications systems. Important progress has been made in this “traditional” nuclear security arena, but the threat of a cyber attack is escalating. All countries are vulnerable, and nuclear cybersecurity practices haven’t caught up to the risk.

Across the nuclear sector worldwide, the technical capacity to address the cyber threat is extremely limited, even in countries with advanced nuclear power and research programs. Measures to guard against the cyber-nuclear threat are virtually non-existent in states with new or emerging nuclear programs. Expertise in the field of nuclear cybersecurity is in short-supply, and the International Atomic Energy Agency (IAEA), which provides countries with assistance and training in this area, does not have the resources necessary to address the growing threat.

The threat extends to the command, control, and communications (NC3) for nuclear weapons. Even in the United States, officials have stated that it cannot be fully confident that these systems will operate as planned if attacked by a sophisticated cyber opponent. Such attacks could jeopardize the confidence of U.S. officials of our nuclear systems, lead to false warning or even potentially allow an adversary to take control of a nuclear weapons system.

Governments are working to understand and minimize these vulnerabilities, but cyber threats are becoming more sophisticated every day and those responsible—from policymakers to military officials to facility operators to regulators— are working to keep pace.

Drawing upon the expertise of both nuclear and cybersecurity experts, NTI is working to develop a set of guiding principles for cybersecurity at nuclear facilities. The current mindset is one of slow, incremental change that cannot keep pace with an ever-evolving threat—a fresh look at the overarching framework that guides cybersecurity at nuclear facilities is needed.

NTI is also working to strengthen global cyber-nuclear security and response capabilities. Even with a new strategy to guide cyber-nuclear security, addressing implementation challenges will be a multi-year (or even multi-decade) effort. However, the potential for a catastrophic cyber incident will only continue to grow. In response, NTI is addressing the geographic unevenness of cyber-nuclear expertise by bringing together the global technical cyber-nuclear community to facilitate information exchange and foster a network of relationships upon which nuclear operators can draw for advice and assistance.

Finally, recognizing the game-changing threat cyber risks pose to nuclear command, control, and communications, NTI is working with former senior officials and other experts to determine the implications of cyber threats to nuclear command and control for U.S. nuclear policies and force postures.

Activity

2022


New Video Breaks Down the Cyber-Nuclear Threat

News

New Video Breaks Down the Cyber-Nuclear Threat

A new video featuring national security expert Richard A. Clarke explains the cyber-nuclear threat and why we should all be worried about hackers gaining access to our nuclear weapon systems.

2019


2017



2016



2015


Cyber Security at Nuclear Facilities: National Approaches

Report

Cyber Security at Nuclear Facilities: National Approaches

Sponsored by NTI and undertaken by the Institute for Security and Safety at the University of Brandenburg, this report identified a set of criteria that reflect the basic, minimum security measures and regulatory requirements necessary to protect nuclear facilities against cyber attacks.


A New Approach to Nuclear Computer Security

Report

A New Approach to Nuclear Computer Security

The current, attack‐centric approach to computer security is incapable of adequately defending nuclear facilities. This paper introduces a new approach, vulnerability‐centric security, which enables nuclear facility operators to prevent successful cyber‐attacks while enhancing the day‐to‐day operation of their systems.

2013


Avoiding the Cyber-Nuclear Linkage

News

Avoiding the Cyber-Nuclear Linkage

Steve Andreasen and Richard Clarke urged President Obama to use his upcoming speech in Berlin to further minimize the role of nuclear weapons in U.S. national security strategy.

Close

My Resources