Cybersecurity advice for the nuclear industry
Less complexity, an active defense, transformative research, and institutionalized cybersecurity should be nuclear industry’s key priorities to stem the rising tide of cyber threats.
The advice comes from an international group of ICS security experts, researchers and consultants, polled by the nonprofit Nuclear Threat Initiative (NTI).
“Cyberspace provides a new opportunity for determined adversaries to wreak havoc at nuclear facilities – possibly without ever setting foot on-site,” they noted in a recently released report.
“Cyberattacks could be used to facilitate the theft of nuclear materials or an act of sabotage that results in radiological release. A successful attack could have consequences that reverberate around the world and undermine global confidence in civilian nuclear power as a safe and reliable energy source. Given the risk and the stakes, governments and industry must increase their focus on the cyber threat.”
They want to see the nuclear industry apply lessons learned from institutionalizing safety and physical security to cybersecurity, recruit experts, demand more secure, less complex products from vendors, support the cybersecurity efforts of relevant organizations, initiate the development of active defense capabilities at the facility level, provide training, share information about threats, and develop cross-industry defense resources.
Inernational organizations should offer support, guidance (best practices, trainings), facilitate the sharing of threat information and provide platforms for discussion, as well as foster innovation in the field.
Finally, governments and regulators should find ways to draw talented people into the cyber-nuclear field and should add cyber experts to governmental and regulatory bodies, provide financial, personnel, and research support to efforts to minimize complexity in critical facility systems, invest in research (especially when it comes to defense strategies), and prioritize development and implementation of regulatory frameworks.
The report also includes an overview of current threats, as well as more details about some of the cyber incidents that have occurred at nuclear facilities around the world since 1990.