Cyberattacks on Nuclear Power Plants: How Worried Should We Be?
Cyberattacks on Nuclear Power Plants: How Worried Should We Be?
Atomic Pulse
In a recent Wired magazine interview on the life-changing potential of artificial intelligence (AI), President Obama touched on a range of topics from self-driving cars to his childhood passion for Star Trek to why he won’t let Sunny and Bo lick him.
He also expressed concern about an urgent threat that’s high on NTI’s list as well: the potential for a cyber nuclear attack.
“Let me start with what I think is the more immediate concern—it’s a solvable problem in this category of specialized AI, and we have to be mindful of it. If you’ve got a computer that can play Go, a pretty complicated game with a lot of variations, then developing an algorithm that lets you maximize profits on the New York Stock Exchange is probably within sight. And if one person or organization got there first, they could bring down the stock market pretty quickly, or at least they could raise questions about the integrity of the financial markets.”
That would be bad enough. But Obama went on to describe an even greater concern:
“Then there could be an algorithm that said, “Go penetrate the nuclear codes and figure out how to launch some missiles.” If that’s its only job, if it’s self-teaching and it’s just a really effective algorithm, then you’ve got problems. I think my directive to my national security team is, don’t worry as much yet about machines taking over the world. Worry about the capacity of either non-state actors or hostile actors to penetrate systems.”
President Obama is right to worry—not just about the cyber threat to nuclear weapons, but about cyber vulnerabilities in nuclear-related systems more broadly. NTI has been examining this precise threat over the past couple of years, and the results are troubling.
We first started to engage with the cyber-nuclear threat as part of the NTI Nuclear Security Index, a first-of-its-kind ranking of nuclear security conditions around the world. Given that a cyber-attack on a nuclear facility could cause physical consequences such as a radiation release on par with a safety or security incident, we felt it was important to include cyber security practices in this evaluation. As such, the 2016 edition of the NTI Index includes a brand-new indicator examining publicly available laws and regulations related to cyber practices at nuclear facilities.
The Index found that of 47 states with more than 1kg of weapons-usable nuclear material or key facilities vulnerable to sabotage, 20—nearly half—had zero regulations whatsoever governing cyber security at nuclear facilities.
In light of this, NTI launched two projects designed to evaluate the opportunities and capabilities of any hostile actor, state or non-state, to gain access to computer systems associated with the nuclear sector. The first, building from the NTI Index findings, seeks to identify priorities for a new, overarching strategy to guide the implementation of cyber security at nuclear facilities. Our discussions with experts in the field have led us to believe that the current strategy is too incremental. NTI will be releasing a fresh, forward-looking strategy to address the threat nuclear facilities face.
The second project addresses the cyber threat to nuclear command-and-control systems—something President Obama mentioned specifically in his interview with Wired. NTI has convened a high-level group of policy and military advisors to examine cyber vulnerabilities in these systems and recommend actions to reduce these threats. At this inaugural meeting in the fall, the discussions were wide-ranging. One thing all participants agreed on – the cyber threat is real and growing.
With one meeting in the books and more to come, we are excited about the potential for progress on this front.
In Wired, President Obama left readers with words of hope. “That is what I love most about America, and why it continues to attract people from all around the world for all of the challenges that we face,” he said. “That spirit of, ‘Oh, we can figure this out.’”
Here at NTI, we’re trying to do our part to help figure this out. These two projects are just the beginning.
Sign up for our newsletter to get the latest on nuclear and biological threats.
Cyberattacks on Nuclear Power Plants: How Worried Should We Be?
Outpacing Cyber Hackers: Priorities to Prevent Catastrophic Cyberattacks on Nuclear Facilities