Daily Management Review

Digitization Leads Nuclear Plants To Increased Risks Of Falling Prey To Cyber Attacks


The nuclear plants adapting digitization are being exposed to increasing risk of cyber attacks, while most do not have sufficient security measurements to cope with such situation.

Digitization Leads Nuclear Plants To Increased Risks Of Falling Prey To Cyber Attacks
According to a report, which has published by the “influential Chatham House think tank”, B.B.C informs that global nuclear power plants are vulnerable to "serious cyber attack". The said report also added that at present most nation do not possess well equipped “civil nuclear infrastructure” and are not in the position “to defend against such attacks”.  Due to the age factor, many control systems show a design based insecurity in their infrastructure.
During a time frame of eighteen months study, the report takes into consideration the cyber defence’s status “in power plants around the world”. Moreover, it also stated that:
“Cyber criminals, state-sponsored hackers and terrorists were all increasing their online activity... meaning that the risk of a significant net-based attack was ‘ever present’”.
Any such attack targeted towards a “nuclear plant” could set off a ‘radiating’ disaster that can prove fatal, while additionally it stated:
"...even a small-scale cyber security incident at a nuclear facility would be likely to have a disproportionate effect on public opinion and the future of the civil nuclear industry".
Furthermore, the study finds out that nuclear plant of U.K along with their “associated infrastructure(s)” are not “well protected” as the industry recently upgraded themselves “to digital systems”. The trend of growing “digitization” and “reliance on commercial software” are the key risk factors as appropriate security measures are not being established simultaneously.
The supposed “public internet and nuclear systems” “air gap” can be easily breached with only a flash drive, as “the destructive Stuxnet computer virus infected Iran's nuclear facilities via this route”. Consequently, “1,000 machines” “producing nuclear materials” were under the control of the worm which gave a self-destructing order to them.
In fact, links that connect public internet and “nuclear infrastructure networks” were also found by the investigating team. Moreover, the “search engines” also seek out links leading to “critical infrastructure(s)” “making it easy for attackers to find ways in to networks and control systems”. The Nuclear Industry Association’s Chief Executive, Keith Parker, stated:
"Security, including cyber security, is an absolute priority for power station operators.
"All of Britain's power stations are designed with safety in mind and are stress-tested to withstand a vast range of potential incidents. Power station operators work closely with national agencies such as the Centre for the Protection of National Infrastructure and other intelligence agencies to always be aware of emerging threats."
In the first conference held by the “International Atomic Energy Agency”, the issue of upcoming cyber threat was taken up, whereby the IAEA’s director, Yukiya Amano commented that “both random and targeted (cyber) attacks” were being made at the nuclear plants, while addressing at the conference, he also added that:
"Staff responsible for nuclear security should know how to repel cyber-attacks and to limit the damage if systems are actually penetrated”.
In Chatham House's “research director”, Patricia Lewis’ words:
"The nuclear industry is beginning - but struggling - to come to grips with this new, insidious threat”.