Nuclear sector not ready for cyber-attacks says report

The nuclear power industry must improve its readiness for cyber-attacks in the face of growing risk, a new report has found.

In an 18-month study which examined nuclear power plants and cyber-incidents worldwide, UK thinkthank Chatham House found that many plants across the globe are unprepared for large-scale cyber-attacks, while such attacks are increasingly likely to occur.

The report, Cyber Security at Civil Nuclear Facilities: Understanding the Risks, said nuclear plant operators are focused primarily on operational safety and the security of their plant’s physical infrastructure, resulting in a “culture of denial” about cybersecurity, which Chatham House said the industry has barely begun to deal with.  

The thinkthank’s survey of nuclear plants found risks included aging infrastructure, insecure design, increasing conversion to digital systems, and the growing use of commercial software without taking steps to boost its security – for example, many default passwords were left unchanged. In addition, virtual networks and links to the internet have allowed critical infrastructure-seeking search engines to provide hackers with a way in, while plant operators are often unaware of these vulnerabilities and believe that there is a so-called ‘air gap’ between the public internet and the plant’s network. However, the report called this a "myth".

If an attack does happen, the report found, most nations’ nuclear infrastructure is not well-prepared for the consequences.  

And it warned that "even a small-scale cybersecurity incident at a nuclear facility would be likely to have a disproportionate effect on public opinion and the future of the civil nuclear industry".

To mitigate the risks, the report's authors recommended developing cybersecurity guidelines for the nuclear industry, including an integrated risk assessment process that takes into account both security and safety measures; raising awareness in plant engineers, contractors and managers; enforcing and implementing cyber-safety rules; and encouraging universal adoption of regulatory standards.


Did You Like this Article? Get All the Energy Industry News Delivered to Your Inbox

Subscribe to an email newsletter today at no cost and receive the latest news and information.

 Subscribe Now


Making DDoS Mitigation Part of Your Incident Response Plan: Critical Steps and Best Practices

Like a new virulent strain of flu, the impact of a distributed denial of service (DDoS) attack is...

The Multi-Tax Challenge of Managing Excise Tax and Sales Tax

To be able to accurately calculate multiple tax types, companies must be prepared to continually ...

Operational Analytics in the Power Industry

Cloud computing, smart grids, and other technologies are changing transmission and distribution. ...

Maximizing Operational Excellence

In a recent survey conducted by PennEnergy Research, 70% of surveyed energy industry professional...