Technical Paper: Mounting an Active Cyber Defense in the Nuclear World

Michael Assante

Director of Industrial Control Systems, SANS Institute

As part of our work to define a
set of overarching priorities for cybersecurity at nuclear facilities, the
Nuclear Threat Initiative commissioned a series of short technical papers to
outline areas that, if focused upon, would dramatically reduce the risk of
damaging cyberattacks in this space. In December 2016, NTI published a report
outlining four of these priorities and recommending first steps for
achieving them.

This paper provides greater
detail on one of those priorities, Mount an Active Defense.

Introduction

Recent high-profile cyberattacks
have begun to shed light on the risks inherent in our hyper-connected world.
Despite these warning shots, the world remains collectively exposed. The pace
of digitization and the rise of complex, hyper-connected systems increase the
likelihood of more damaging cyberattacks in the future. This presents the
question: how can the benefits of digital technology be unlocked in a
responsible way?

Today’s cyber threats are
increasingly dangerous, and include sophisticated, target-focused attacks. These attacks
often rely upon enduring vulnerabilities such as human behavior and practices.
They can also utilize custom exploits and access gained through supply chain
vulnerabilities, and have proven effective in compromising conventional
cybersecurity defenses. Well-resourced, persistent adversaries can defeat even
the most technologically advanced security solutions, meaning that responses
must extend beyond technology and tools.

At a nuclear facility, such an
attack could compromise sensitive information or manipulate security, safety,
or automation systems, with potentially catastrophic consequences.

Disturbingly,
cyberattacks against critical infrastructure now occur with such frequency that
the discovery of remote-control malware in an infrastructure control network no
longer rings alarm bells unless it is specifically targeted to that facility. This cultural
shift to grudging acceptance of inadequate security measures is dangerous as it
is often difficult (if not impossible) to determine the intent behind and full
consequences (intended and unintended) of an attack.
