Page Stoutland, Ph.D.
Consultant, Scientific and Technical Affairs
Cyber threats to nuclear materials and nuclear facilities are becoming more sophisticated every day, and the global capacity to address the threat is limited.
Working with some of the world’s top experts as well as stakeholders, to develop priorities for a new strategy to protect nuclear facilities from cyberattacks.
A set of ambitious, forward-leaning priorities and recommendations to dramatically reduce the risk of damaging cyberattacks on nuclear facilities, with further guidance to come.
What if a hacker shut down the security system at a nuclear materials storage facility, giving access to terrorists seeking highly enriched uranium to build a bomb? What if cyber-terrorists seized control of operations at a nuclear power plant—enabling a Fukushima-scale meltdown? Or what if a hacker group opposed to nuclear energy stole highly sensitive data from a nuclear facility and held it hostage until they were paid a ransom?
Traditional nuclear security practices have focused on preventing physical attacks—putting in place “guns, guards, and gates” to prevent the theft of materials to build a bomb and the sabotage of a nuclear facility.
Governments and industry have made important progress in this “traditional” nuclear security arena, but the threat of a cyberattack is escalating, and all countries and all nuclear facilities are vulnerable. Malware already has been found in systems at facilities all over the world—in some cases, it was maliciously inserted; in others, it simply wound up there by accident.
To assess the impact of the cyber threat on nuclear security and to contribute to efforts to get ahead of the threat, NTI convened an international group of technical and operational experts with backgrounds in computer security, nuclear safety systems, nuclear engineering, industrial control systems, and nuclear facility operations. The group concluded that the combination of extremely limited technical capacity in this area, the current practice of making incremental change, and the ever-evolving nature of offensive actors in cyberspace means there is a need to re-think the current approach to cybersecurity at nuclear facilities.
NTI’s first milestone toward defining a new approach is a report from this expert group, Outpacing Cyber Threats: Priorities for Cybersecurity at Nuclear Facilities. Released in December 2016 on the margins of the International Atomic Energy Agency’s International Conference on Nuclear Security, the report outlines priorities and recommendations that would dramatically reduce the risk of damaging cyberattacks on nuclear facilities. The priorities are: Institutionalize Cybersecurity, Mount an Active Defense, Reduce Complexity, and Pursue Transformation.
In addition, to identifying priorities for cyber security at nuclear facilities, NTI has created the Cyber-Nuclear Forum to enhance the capabilities of cyber-nuclear security experts at nuclear facilities. Further information is available here.
NTI joins the 2018 Paris Call for Trust and Security in Cyberspace, designed to develop norms and heighten security of critical infrastructure.