Tackling the Nuclear Cyber Threat

In a recent Wired magazine interview on the life-changing potential of artificial intelligence (AI), President Obama touched on a range of topics from self-driving cars to his childhood passion for Star Trek to why he won’t let Sunny and Bo lick him. 

He also expressed concern about an urgent threat that’s high on NTI’s list as well: the potential for a cyber nuclear attack. 

That would be bad enough. But Obama went on to describe an even greater concern:

President Obama is right to worry—not just about the cyber threat to nuclear weapons, but about cyber vulnerabilities in nuclear-related systems more broadly. NTI has been examining this precise threat over the past couple of years, and the results are troubling.

We first started to engage with the cyber-nuclear threat as part of the NTI Nuclear Security Index, a first-of-its-kind ranking of nuclear security conditions around the world. Given that a cyber-attack on a nuclear facility could cause physical consequences such as a radiation release on par with a safety or security incident, we felt it was important to include cyber security practices in this evaluation. As such, the 2016 edition of the NTI Index includes a brand-new indicator examining publicly available laws and regulations related to cyber practices at nuclear facilities. 

The Index found that of 47 states with more than 1kg of weapons-usable nuclear material or key facilities vulnerable to sabotage, 20—nearly half—had zero regulations whatsoever governing cyber security at nuclear facilities. 

In light of this, NTI launched two projects designed to evaluate the opportunities and capabilities of any hostile actor, state or non-state, to gain access to computer systems associated with the nuclear sector. The first, building from the NTI Index findings, seeks to identify priorities for a new, overarching strategy to guide the implementation of cyber security at nuclear facilities. Our discussions with experts in the field have led us to believe that the current strategy is too incremental. NTI will be releasing a fresh, forward-looking strategy to address the threat nuclear facilities face. 

The second project addresses the cyber threat to nuclear command-and-control systems—something President Obama mentioned specifically in his interview with Wired.  NTI has convened a high-level group of policy and military advisors to examine cyber vulnerabilities in these systems and recommend actions to reduce these threats. At this inaugural meeting in the fall, the discussions were wide-ranging. One thing all participants agreed on – the cyber threat is real and growing.

With one meeting in the books and more to come, we are excited about the potential for progress on this front. 

In Wired, President Obama left readers with words of hope. “That is what I love most about America, and why it continues to attract people from all around the world for all of the challenges that we face,” he said. “That spirit of, ‘Oh, we can figure this out.’”

Here at NTI, we’re trying to do our part to help figure this out. These two projects are just the beginning.