Nuclear Facilities Have Poor Cyber Security

Uploaded on 2015-10-14 in NEWS-Cybersecurity News, FREE TO VIEW, BUSINESS-Production-Energy

According to Chatham House, the nuclear industry is falling behind other industries when facing cyber security.

A new report  reveals that civilian nuclear facilities are not paying adequate attention to developing “cyber security readiness”.

According to the executive summary of “Cyber Security at Civil Nuclear Facilities: Understanding the Risks“, the Royal Institute of International Affairs at well known think tank Chatham House conducted in-depth interviews with 30 industry practitioners, policy-makers, and academics over the past year in an effort to understand the intersection of physical security and cyber security at civilian nuclear facilities.

This report in part responds to the growing concern among some that hackers and terrorists could launch a digital attack against a nuclear facility, thereby threatening the public with radiation should a meltdown occur and/or potentially undermining popular confidence in civilian nuclear energy.

“Cyber security is still new to many in the nuclear industry,” said Caroline Baylon, the report’s author. “They are really good at safety and, after 9/11, they’ve got really good at physical security. But they have barely grappled with cyber.”

Through their interviews, researchers at Chatham House uncovered a number of “major challenges” confronting civilian nuclear facilities. One of the key problems identified in the report is the conventional belief that civilian nuclear facilities are protected against digital attacks as a result of their networks being air-gapped, or isolated from the public web. This perspective was proved false in 2010 when Stuxnet, a computer worm whose attack vectors were recently discovered to still be viable via the use of the vulnerability CVE-2015-0096, caused physical damage to the centrifuges at Iran’s Natanz nuclear facilities after being introduced via the use of a USB device.

Other challenges include the following:

  • A lack of training as well as communication breakdowns between engineers and security personnel means that personnel at nuclear facilities are not adequately knowledgeable about cyber security risks.
  • Many facilities adopt reactive and not proactive approaches to cyber security, which means that a nuclear facility might not detect an attack (if at all) until it is already under way.

Researchers at Chatham House go on to suggest in a blog post a number of recommendations that civilian nuclear facilities can use to improve their cyber security readiness. These include developing procedures that allow them to measure cyber security risk, implementing ongoing employee awareness training, and creating rules that promote “IT hygiene.”

Tripwire

 

« CyberCollaborate Platform Promotes Access to UK Cyber Security Innovators
The Blockchain Might Be The Next Disruptive Technology »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

Resecurity

Resecurity

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

CIO

CIO

CIO provides technology and business leaders with insight and analysis on information technology trends

Synology

Synology

Synology provides high-performance, reliable, and secure Network Attached Storage (NAS) products.

FIRST Conference

FIRST Conference

Annual conference organised by the Forum of Incident Response and Security Teams (FIRST), a recognized global leader in computer incident response.

LEXFO

LEXFO

LEXFO specializes in the security of information systems, assisting clients in protecting information assets using an offensive and innovative approach.

Regulus Cyber

Regulus Cyber

Regulus enables drones, robots and autonomous vehicles to operate safely, without malicious or accidental interference to the operation of their mission.

Comarch

Comarch

Comarch is a provider of IT business solutions to optimize operational and business processes. Cyber security solutions are focused on Identity Management and Security Assessment services.

Hallam-ICS

Hallam-ICS

Hallam-ICS designs MEP systems for facilities and plants, control and automation solutions, and ensures safety and regulatory compliance.

Cube 5

Cube 5

The Cube 5 incubator, located at the Horst Görtz Institute for IT Security (HGI), supports IT security startups and people interested in starting a business in IT security.

Global Cybersecurity Forum (GCF)

Global Cybersecurity Forum (GCF)

Global Cybersecurity Forum is a catalyst platform designed to create a more resilient and better cyberworld for all.

SecureData

SecureData

SecureData provide professional data recovery services, digital forensics, data recovery software and FIPS 140-2 Level 3 Validated hardware encrypted drives.

Scrut Automation

Scrut Automation

Scrut Automation's mission is to make compliance less painful and time consuming, so that businesses can focus on running their business.

Hub71

Hub71

Hub71 is a world-class tech ecosystem opening doors to global opportunities from an optimal business environment for entrepreneurial-minded innovators.

Northrop Grumman

Northrop Grumman

Northrop Grumman is a global provider and integrator of complex, advanced and rapidly adapting information technology, cybersecurity, mobility and optimized services and solutions.

RapidSpike

RapidSpike

RapidSpike is the only website monitoring solution that focuses all three key aspects of website health: performance, reliability AND security.

WireGuard

WireGuard

WireGuard is a communication protocol and free and open-source software that implements encrypted virtual private networks (VPNs).

SGS Brightsight

SGS Brightsight

SGS Brightsight is the largest independent security evaluation lab in the world, with ten recognised labs worldwide.