Global Nuclear Facilities 'at risk' of Cyber Attack

Uploaded on 2015-10-12 in INTELLIGENCE--International, FREE TO VIEW, BUSINESS-Production-Energy, NEWS-Cybersecurity News, TECHNOLOGY--Hackers

The civil nuclear infrastructure in most nations was not well prepared to defend against such attacks

The risk of a "serious cyber attack" on nuclear power plants around the world is growing, warns a report. The civil nuclear infrastructure in most nations is not well prepared to defend against such attacks, it added. Many of the control systems for the infrastructure were "insecure by design" because of their age, it said.

Published by the influential Chatham House think tank, the report studied cyber defences in power plants around the world over an 18-month period.

Cyber criminals, state-sponsored hackers and terrorists were all increasing their online activity, it said, meaning that the risk of a significant net-based attack was "ever present". Such an attack on a nuclear plant, even if small-scale or unlikely, needed to be taken seriously because of the harm that would follow if radiation were released.

In addition, it said "even a small-scale cyber security incident at a nuclear facility would be likely to have a disproportionate effect on public opinion and the future of the civil nuclear industry".

Unfortunately, research carried out for the study showed that the UK's nuclear plants and associated infrastructure were not well protected or prepared because the industry had converted to digital systems relatively recently.

This increasing digitisation and growing reliance on commercial software is only increasing the risks the nuclear industry faces. There was a "pervading myth" that computer systems in power plants were isolated from the Internet at large and because of this were immune to the kind of cyber attacks that have dogged other industries.

However, it said, this so-called "air gap" between the public Internet and nuclear systems was easy to breach with "nothing more than a flash drive". It noted that the destructive Stuxnet computer virus infected Iran's nuclear facilities via this route.

The researchers for the report had also found evidence of virtual networks and other links to the public Internet on nuclear infrastructure networks. Some of these were forgotten or simply unknown to those in charge of these organisations.

Already search engines that sought out critical infrastructure had indexed these links making it easy for attackers to find ways in to networks and control systems.
BBC: http://bbc.in/1WHz3xp

« GCHQ Can Hack My Smartphone Using a Bunch of Smurfs
UK Police Ignore Most Cyber Crime »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

Security Stronghold

Security Stronghold

Security Stronghold is focused on protecting computers from malicious programs like viruses, Trojans, spyware, adware, trackware, keyloggers and other kinds of online threats.

Steptoe & Johnson

Steptoe & Johnson

Steptoe is an international law firm with offices in the USA, Europe and China. Practice areas include Cybersecurity, Privacy & National Security.

Team8

Team8

Team8 is Israel’s most prestigious cybersecurity think tank and venture creation foundry.

Advantech

Advantech

Advantech is a leader in providing trusted innovative embedded and automation products and solutions. Activities include IoT security.

TeachPrivacy

TeachPrivacy

TeachPrivacy provides computer-based privacy and data security training that is engaging, memorable, and understandable.

Cognni

Cognni

Cognni (formerly Shieldox) will make your InfoSec think like a human, right out of the box, so you can focus on the bigger picture, keeping the information flow safe.

ISARA Corp

ISARA Corp

ISARA Corporation is a security solutions company specializing in creating class-defining quantum-safe cryptography for today's computing ecosystems.

Bitfury Group

Bitfury Group

Bitfury Group is the largest full-service blockchain technology company in the world.

972VC

972VC

972VC was created to help entrepreneurs find potential funding for their startups. Your guide to the Israeli startup funding ecosystem.

Cyber Gate Defense (CyberGate)

Cyber Gate Defense (CyberGate)

CyberGate is an Emirati establishment founded with an objective to provide cyber security services that would improve the overarching cyber security posture of the UAE.

OnSecurity

OnSecurity

OnSecurity replaces the overhead of traditional penetration testing firms with a simple online interface, making it easy to book tests as and when needed.

Apono

Apono

Apono enables DevOps and security teams to manage access to sensitive cloud assets and data repositories in a frictionless and compliant way.

Harbottle & Lewis

Harbottle & Lewis

Harbottle & Lewis is a leading UK-based law firm focused on the Private Client and Technology, Media and Entertainment sectors.

PCCW Global

PCCW Global

PCCW Global is a leading communications service provider, offering mobility, voice and data solutions to multinational enterprises, telecomms partners, cloud and application service providers.

Parablu

Parablu

Parablu is a leading provider of data security and resiliency solutions for the digital enterprise.

InfoSecTrain

InfoSecTrain

InfoSecTrain are a leading training and consulting organization dedicated to providing top-tier IT security training and information security services to organizations and individuals across the globe