Program Officer, Global Biological Policy and Programs
Global Action on Cybersecurity at Nuclear Facilities: Moving Beyond the Status Quo
Cyber threats to nuclear facilities are becoming more
sophisticated each day, and the technical capacity to address the threat
remains limited. This threat is global and undermines the security of nuclear
materials and facility operations.
Traditional nuclear security practices focus
primarily on preventing physical attacks—putting in place “guns, guards, and
gates” to prevent theft of materials to build a bomb or sabotage of a nuclear facility—with
the assumption that nuclear facilities are air-gapped and safe from traditional
cyber attacks. While physical security is of vital importance, the threat of a
cyber attack is escalating as is the technical means and capabilities of
All countries are vulnerable, and nuclear cybersecurity
practices have not kept pace with the threat. The 2016 NTI Nuclear Security
Index found that many countries are ill-prepared to protect nuclear facilities
against cyber attacks that could facilitate the theft of weapons-usable nuclear
materials or even cause a significant radiological release like the accident at
Fukushima. Much more needs to be done by governments and the private sector to
effectively secure and prevent the theft of nuclear materials or sabotage of
The paper discusses the 2016 NTI Nuclear Security Index
findings, identifies where gaps remain, and provides recommendations for
further global action. This paper also highlights actions taken at the 2016
Nuclear Security Summit and the 2016 Nuclear Industry Summit to advance the
dialogue on securing nuclear materials and facilities from cyber attack.
Read the full paper here.
Sign up for our newsletter to get the latest on nuclear and biological threats.
Sponsored by NTI and undertaken by the Institute for Security and Safety at the University of Brandenburg, this report identified a set of criteria that reflect the basic, minimum security measures and regulatory requirements necessary to protect nuclear facilities against cyber attacks.
The current, attack‐centric approach to computer security is incapable of adequately defending nuclear facilities. This paper introduces a new approach, vulnerability‐centric security, which enables nuclear facility operators to prevent successful cyber‐attacks while enhancing the day‐to‐day operation of their systems.
“The bottom line is that the countries and areas with the greatest responsibility for protecting the world from a catastrophic act of nuclear terrorism are derelict in their duty,” the 2023 NTI Index reports.