Page Stoutland, Ph.D.
Consultant, Scientific and Technical Affairs
As part of our work to define a
set of overarching priorities for cybersecurity at nuclear facilities, the
Nuclear Threat Initiative commissioned a series of short technical papers to
outline areas that, if focused upon, would dramatically reduce the risk of
damaging cyberattacks in this space. In December 2016, NTI published a
report outlining four of these priorities and recommending first steps for
achieving them.
This paper provides greater
detail on one of those priorities, Reduce Complexity. Click here to view the paper in PDF form.
Introduction
Cyber threats are increasingly one of the major threat
facing governments and industrial facility operators. One of the foundational
issues that makes protection from such attacks increasingly difficult is the
complexity of today’s networks and systems.
Driven
by the auto industry in the early 1970s, digital automation of complex
industrial environments started with comparatively simple digital devices
capable of replacing hard-wired relay systems utilized on assembly lines. As
much of the automotive process required annual changes, Programmable Logic Controllers
(PLC) were used to modify configurations. Compelled by a desire for
flexibility, initially simple systems became increasingly complex.
The
subsequent rush to digitally automate everything from component creation to
facility security created a culture of solution providers and systems
integrators who, driven by an enthusiastic pursuit of efficiency gains and
possessing a solid belief in latent capability as a hedge against future
requirements, spread their message rapidly across multiple sectors including
the nuclear sector.
Significant
benefits were realized through this digital expansion including reduced
hardware, labor, wiring, and cabinet space, as well as quick process changes,
and embedded system diagnostics. While digitization and increasing levels of
complexity have brought many benefits, they also increasingly represent key
challenges in ensuring that critical systems are resilient under cyberattack.
Sign up for our newsletter to get the latest on nuclear and biological threats.
Nuclear and tech experts know that all digital systems are at risk for cyberattacks—including nuclear weapons systems.
This paper by Michelle Nalabandian, Alexandra Van Dine, and Page Stoutland highlights steps governments can take to protect nuclear facilities from cyber threats.
Report highlights the threat posed to nuclear facilities from cyber-attacks & the lack of adequate legal and institutional protections for such facilities.