National Safety Month is a great time to reevaluate your organization’s cybersecurity strategy. The nuclear industry is particularly at risk when it comes to safety risks associated with cybersecurity. Cyber attacks and other security risks have quickly become a top concern of nuclear facility managers and personnel. The growing threat of cyber espionage and even sabotage is very real, and nuclear power plants are a natural target. In fact, it has become clear that nuclear plants are under even more cybersecurity risk than was expected, in part due to inadequate security measures.
Here’s what you need to know about cyber attacks on nuclear facilities in the modern age.
Nuclear Facilities Targeted
Recent years have seen a dramatic rise in advanced cyber attacks. The Stuxnet worm of 2010 resulted in a highly dramatic infiltration of Iran’s nuclear program. 2003 saw the infection of the Ohio based Davis-Besse nuclear power plant by the Slammer worm, resulting in reactor core safety data becoming unavailable for several hours. More recently, in 2014, cybercriminals hacked into and stole blueprints of at least two nuclear reactors amongst other sensitive data from the Korea Hydro and Nuclear Power Co. The information was in turn held for ransom.
In a series of interviews of 30 nuclear industry experts, researchers from the Royal Institute of International Affairs’ Chatham House found that the nuclear industry is not prepared to deal with the threat of wide-spread cyber attack. In the United States, an attack that takes out two to three power plants would result in major blackouts. In countries like France, where larger portions of the population depend on nuclear-generated electricity, the issue is even more pressing.
Typical power plant personnel do not understand cybersecurity procedures, in part because of a lack of training and clearly written protocols. Regular participation in cybersecurity drills is also quite rare. Across the board, it has become clear that digital security systems have been adopted late, in part due to regulatory restrictions and the high cost of equipment and upgrades. The shift in focus from physical safety and security to digital protection is one that has proven to take more time than was initially projected.
It has become increasingly clear that in order to prepare for the worst-case scenario of the release of radioactive material, sweeping industry changes must be implemented. Though such a cyber attack may not be an immediate threat, with the growing capabilities of well-financed terrorist groups such as ISIS and various hacker-for-hire companies found across the globe, these threats need to be taken seriously. Cyber vulnerabilities need to be identified and responded to within the nuclear sector on a prioritized basis. If they are not, then it really is only a matter of time before the worst takes place. Without swift and widespread action, the nuclear industry may not only remain exposed but will also fall behind the times as digital security becomes more prevalent and necessary.
ESGI – Find the Best Talent for Your Team