Page Stoutland PhD
Consultant, Scientific and Technical Affairs
Cyber threats to nuclear materials, nuclear facilities and nuclear command, control and communications are becoming more sophisticated every day, and the global technical capacity to address the threat is limited.
Working with some of the world’s top experts as well as stakeholders to develop forward-looking approaches to and guidelines to protect nuclear facilities from cyber attack.
Two significant studies assessing cybersecurity practices at nuclear facilities and offering recommendations for improvement; ongoing efforts to strengthen cyber-nuclear security and response capabilities.
What if a hacker shut down the security system at a highly sensitive nuclear materials storage facility, giving access to terrorists seeking highly enriched uranium to make a bomb? What if cyber-terrorists seized control of operations at a nuclear power plant–enabling a Fukushima-scale meltdown? Or, worse, what if hackers spoofed a nuclear missile attack, forcing a miscalculated retaliatory strike that could kill millions?
The cyber threat affects nuclear risks in at least two ways: It can be used to undermine the security of nuclear materials and facility operations, and it can compromise nuclear command and control systems.
Traditional nuclear security practices have been focused on preventing physical attacks—putting in place “guns, guards, and gates” to prevent 1) theft of materials to build a bomb, 2) sabotage of a nuclear facility, or 3) unauthorized access of nuclear command, control, and communications systems. Important progress has been made in this “traditional” nuclear security arena, but the threat of a cyber attack is escalating. All countries are vulnerable, and nuclear cybersecurity practices haven’t caught up to the risk.
Across the nuclear sector worldwide, the technical capacity to address the cyber threat is extremely limited, even in countries with advanced nuclear power and research programs. Measures to guard against the cyber-nuclear threat are virtually non-existent in states with new or emerging nuclear programs. Expertise in the field of nuclear cybersecurity is in short-supply, and the International Atomic Energy Agency (IAEA), which provides countries with assistance and training in this area, does not have the resources necessary to address the growing threat.
The threat extends to the command, control, and communications (NC3) for nuclear weapons. Even in the United States, officials have stated that it cannot be fully confident that these systems will operate as planned if attacked by a sophisticated cyber opponent. Such attacks could jeopardize the confidence of U.S. officials of our nuclear systems, lead to false warning or even potentially allow an adversary to take control of a nuclear weapons system.
Governments are working to understand and minimize these vulnerabilities, but cyber threats are becoming more sophisticated every day and those responsible—from policymakers to military officials to facility operators to regulators— are working to keep pace.
To draw attention to the growing cyber threat and bring stakeholders together to find solutions, NTI has sponsored two initial studies to assess and provide recommendations for cybersecurity practices at nuclear facilities:
From these studies and other research, NTI is designing and implementing additional projects in this area.
Drawing upon the expertise of both nuclear and cybersecurity experts, NTI is working to develop a set of guiding principles for cybersecurity at nuclear facilities. The current mindset is one of slow, incremental change that cannot keep pace with an ever-evolving threat—a fresh look at the overarching framework that guides cybersecurity at nuclear facilities is needed.
NTI is also working to strengthen global cyber-nuclear security and response capabilities. Even with a new strategy to guide cyber-nuclear security, addressing implementation challenges will be a multi-year (or even multi-decade) effort. However, the potential for a catastrophic cyber incident will only continue to grow. In response, NTI is addressing the geographic unevenness of cyber-nuclear expertise by bringing together the global technical cyber-nuclear community to facilitate information exchange and foster a network of relationships upon which nuclear operators can draw for advice and assistance.
Finally, recognizing the game-changing threat cyber risks pose to nuclear command, control, and communications, NTI is working with former senior officials and other experts to determine the implications of cyber threats to nuclear command and control for U.S. nuclear policies and force postures.
Moniz and Nunn are releasing statements to improve crisis-management in the Euro-Atlantic region and encouragingcooperation towards improving cybersecurity.
Page Stoutland, NTI’s Vice President for Scientific and Technical Affairs, draws attention to the possibility of a cyber breach to nuclear systems.
Van Dine argues that although Stuxnet was a precise weapon that targetted an illicit nuclear weapons program, it openned the door to future, indiscriminate attacks.
New NTI report identifies key priorities and actions needed to better secure nuclear facilities and outpace today's dynamic cyber threats.
NTI experts address the US-India nuclear security relationship and the need for focus on cyber threats to nuclear security at the Institute of Nuclear Materials Management Conference