Cyberattacks on Nuclear Power Plants: How Worried Should We Be?
Cyberattacks on Nuclear Power Plants: How Worried Should We Be?
Atomic Pulse
Most of us by now have received the unwelcome news that our
email or Facebook account has been hacked or that our credit card data may have
been stolen. We’ve also seen news reports about government agencies or airlines,
banks or big-box stores dealing with cyber breaches.
Imagine waking up one day to the news that a terrorist group
had hacked into a nuclear power plant’s surveillance cameras or badge readers and
facilitated the theft of materials that could be used to build a bomb. Imagine learning
that a hacker had sabotaged a plant’s safety systems and caused a serious
radiological release. Imagine if anonymous hackers seized control of a nuclear plant’s
most critical systems and then held it hostage until their demands were met.
These scenarios are not Hollywood fantasies. Cyber threats
to nuclear facilities are real and growing – and unlike social media or even
credit card hacks, the consequences could be catastrophic.
To help governments, industry and international organizations
get ahead of the urgent and evolving threat, the Nuclear Threat Initiative
(NTI) has just released a new report, Outpacing
Cyber Threats: Priorities for Cybersecurity at Nuclear Facilities, which lays out priorities for a new, overarching
strategy to protect nuclear facilities.
Such a strategy is more important than ever. Cyber incidents
at nuclear facilities are occurring with increasing frequency, and too few
countries have effective cybersecurity measures in place.
Recognizing
that, to be useful, our work must be grounded in technical realities, NTI
assembled an international group of technical and operational experts with
backgrounds in computer security, nuclear safety systems, nuclear engineering,
industrial control systems, and nuclear facility operations. This group was
tasked with identifying the core elements of a new strategy, focusing on those
elements that would have the greatest possible impact.
Over 12
months, the group identified four priorities that, if implemented, would
dramatically reduce the risk of damaging cyber-attacks on nuclear facilities. They
are:
Alone and in
combination, each of these priorities would provide unique leverage on the
threat posed to nuclear facilities and start making it possible for defenders
to actually get ahead of the cyber threat—not just respond to it.
Moving forward will require action on the part of
governments, regulators, industry, and international organizations alike. The
risk of a cyber-facilitated theft of nuclear material or sabotage of a nuclear
facility is simply too great to remain comfortable with the status quo.
The report marks a milestone in NTI’s work on the
intersection of cyber and nuclear security. We also are examining the
implications of cyber threats to nuclear weapons and related systems and
working on options for nuclear policies, postures, and doctrines to reduce
risks in that arena.
For a more
detailed explanation of the priorities in Outpacing
Cyber Threats and NTI’s recommendations for taking action, please visit www.nti.org/cyberpriorities. For
more on all of NTI’s cyber work, please visit us here.
*We know that “active defense” in some
industries means “hacking back” against an adversary. NTI does not advocate
“hacking back,” rather, we advocate a defense strategy where analysts monitor,
respond to, learn from, and apply their knowledge of threats internal to the network in order to detect,
block, and expel adversaries.
Sign up for our newsletter to get the latest on nuclear and biological threats.
Cyberattacks on Nuclear Power Plants: How Worried Should We Be?
Tackling the Nuclear Cyber Threat