Technical Paper: Institutionalizing Cybersecurity at Nuclear Facilities

As part of our work to define a
set of overarching priorities for cybersecurity at nuclear facilities, the
Nuclear Threat Initiative commissioned a series of short technical papers to
outline areas that, if focused upon, would dramatically reduce the risk of
damaging cyberattacks in this space. In December 2016, NTI published a
report outlining four of these priorities and recommending first steps for
achieving them.

This paper, written by Anna Ellis of Indigon Consulting, provides greater detail on one of those priorities, Institutionalize Cybersecurity. Click here to view the paper in PDF form.

Introduction

There have been a number of recent cyberattacks on critical
infrastructure, including nuclear facilities, which have demonstrated publicly
that the cyber threat to nuclear facilities is real. Adversaries now have the
ability to carry out such attacks, and incremental improvements in defenses are
unlikely to be sufficient to ensure that an attack by a determined, adaptive
adversary would fail.

While existing security procedures are largely effective
against generic attacks and amateur hackers—the threat of greatest concern is
that posed by organized, determined groups that may target specific facilities.
Nation states and state-sponsored groups are developing ever more powerful
cyber weapons and terrorist organizations are also becoming increasingly
capable of launching damaging attacks.

For
nuclear facilities in particular, a successful cyber-attack, especially if
blended with a physical attack, could result in a catastrophic radiation
release with serious consequences for surrounding communities.