Cyber Threats & Nuclear Dangers
Serious cyber attacks on business are a global problems, but many other cyber issues present even greater problems. In particular, the threat to nuclear weapons systems, materials and facilities which are vulnerable to cyber attacks, sabotage and theft present a serious danger.
Cyber attacks on nuclear facilities are known to have occurred, perhaps the most well known being those directed against Iran's nuclear facility at Natanz which has been the target of a sequence of attacks, widely thought to originate from Israel. Other attempts at hacking, cyber attacks and other intrusions have gone unreported.
The International Atomic Energy Agency (IAEA) has identified three significant risk scenarios involving cyber attacks on civil nuclear facilities:
- A cyber attack that corrupts a civil nuclear facility’s command and control system, leading to the unauthorized removal of nuclear or another radioactive material. Such an attack would most likely be carried out by a terrorist organization, or by a criminal organisation wanting to blackmail a state or company.
- An act of cyber sabotage, which affects the normal functioning of a nuclear facility or other parts of the nuclear fuel cycle. States, terrorist organizations, political activists and criminals may all have an interest in this type of furtive cyber operation.
- An act of cyber espionage, which results in the collection and exploitation of sensitive nuclear information. This information might be used by a terror organisation, criminal or state willing to acquire, smuggle or use nuclear material or information for malicious purposes.
All three scenarios are feasible, although the first would be very challenging. To obtain ma- material a cyber attack would have to be com- combined with physical access to remove the mate- rial. Most likely physical access would involve an attack on the facility’s security forces, which would be risky and difficult .
A cyber attack leading to the launch of a nu- clear weapon is the ultimate nightmarish scenario- , and thankfully the one with the highest barriers to success. The number of actors that would be able to pull off an offensive and com- complex cyber attack is smaller than commonly assumed.
As cyber expert Thomas Rid has argued that the, “vulnerabilities have to be identified before they can be exploited; complex industrial sys- systems need to be understood first; and a sophisticated- attack vehicle may be so fine-tuned to one specific target configuration that a generic use may be difficult or impossible.” The core argument of Rid’s is that computer attacks, those which exclude crime, take place in three dimensions: sabotage, which can potentially damage machines or processes; espionage, both political and commercial; and subversion - activism or militancy online.
Compared to any traditional act of force, a cyber attack helps diminish rather than accentuate violence. In the context of sabotage or espionage, it is now possible to either directly target systems without human operators or to exfiltrate information and data from a target without necessary infiltrating human agents. In the context of subversion, the goal of a cyber attack is to undermine established authority in a non-violent way.
It is clear that although cyber war has not yet happened, it is likely to happen in the future. This is primarily because some cyber attacks can fulfill the criteria necessary to constitute an act of war which is as follows; inherently violent, political and instrumental. It is also the case that small acts of force, such as the tap of a keyboard can cause inconceivable violence.
Cyber attacks have the potential to induce a ‘cascade effect’ where all components of the trinity are damaged and thus seize the enemy through strategic paralysis. It is no longer a question of if cyber war will take place but rather a question of when it will take place.
You Might Also Read: