Technical Paper: Mounting an Active Cyber Defense in the Nuclear World

As part of our work to define a set of overarching priorities for cybersecurity at nuclear facilities, the Nuclear Threat Initiative commissioned a series of short technical papers to outline areas that, if focused upon, would dramatically reduce the risk of damaging cyberattacks in this space. In December 2016, NTI published a report outlining four of these priorities and recommending first steps for achieving them.

This paper provides greater detail on one of those priorities, Mount an Active Defense. Click here to view the paper in PDF form.


Recent high-profile cyberattacks have begun to shed light on the risks inherent in our hyper- connected world. Despite these warning shots, the world remains collectively exposed. The pace of digitization and the rise of complex, hyper-connected systems increase the likelihood of more damaging cyberattacks in the future. This presents the question: how can the benefits of digital technology be unlocked in a responsible way?

Today’s cyber threats are increasingly dangerous, and include sophisticated, target-focused attacks. These attacks often rely upon enduring vulnerabilities such as human behavior and practices. They can also utilize custom exploits and access gained through supply chain vulnerabilities, and have proven effective in compromising conventional cybersecurity defenses. Well-resourced, persistent adversaries can defeat even the most technologically advanced security solutions, meaning that responses must extend beyond technology and tools.

At a nuclear facility, such an attack could compromise sensitive information or manipulate security, safety, or automation systems, with potentially catastrophic consequences.

Disturbingly, cyberattacks against critical infrastructure now occur with such frequency that the discovery of remote-control malware in an infrastructure control network no longer rings alarm bells unless it is specifically targeted to that facility. This cultural shift to grudging acceptance of inadequate security measures is dangerous as it is often difficult (if not impossible) to determine the intent behind and full consequences (intended and unintended) of an attack.
December 7, 2016

This paper provides detail on one of NTI's cyber-nuclear security priorities: Mounting an active defense.

Michael Assante

Director of Industrial Control Systems, SANS Institute