Global Nuclear Facilities 'at risk' of Cyber Attack
The civil nuclear infrastructure in most nations was not well prepared to defend against such attacks
The risk of a "serious cyber attack" on nuclear power plants around the world is growing, warns a report. The civil nuclear infrastructure in most nations is not well prepared to defend against such attacks, it added. Many of the control systems for the infrastructure were "insecure by design" because of their age, it said.
Published by the influential Chatham House think tank, the report studied cyber defences in power plants around the world over an 18-month period.
Cyber criminals, state-sponsored hackers and terrorists were all increasing their online activity, it said, meaning that the risk of a significant net-based attack was "ever present". Such an attack on a nuclear plant, even if small-scale or unlikely, needed to be taken seriously because of the harm that would follow if radiation were released.
In addition, it said "even a small-scale cyber security incident at a nuclear facility would be likely to have a disproportionate effect on public opinion and the future of the civil nuclear industry".
Unfortunately, research carried out for the study showed that the UK's nuclear plants and associated infrastructure were not well protected or prepared because the industry had converted to digital systems relatively recently.
This increasing digitisation and growing reliance on commercial software is only increasing the risks the nuclear industry faces. There was a "pervading myth" that computer systems in power plants were isolated from the Internet at large and because of this were immune to the kind of cyber attacks that have dogged other industries.
However, it said, this so-called "air gap" between the public Internet and nuclear systems was easy to breach with "nothing more than a flash drive". It noted that the destructive Stuxnet computer virus infected Iran's nuclear facilities via this route.
The researchers for the report had also found evidence of virtual networks and other links to the public Internet on nuclear infrastructure networks. Some of these were forgotten or simply unknown to those in charge of these organisations.
Already search engines that sought out critical infrastructure had indexed these links making it easy for attackers to find ways in to networks and control systems.
BBC: http://bbc.in/1WHz3xp