Nuclear Facilities Have Poor Cyber Security

According to Chatham House, the nuclear industry is falling behind other industries when it comes to cyber security.

A new report reveals that civilian nuclear facilities are not paying adequate attention to developing “cyber security readiness”.

According to the executive summary of “Cyber Security at Civil Nuclear Facilities: Understanding the Risks”, the Royal Institute of International Affairs at well-known think tank Chatham House conducted in-depth interviews with 30 industry practitioners, policy-makers, and academics over the past year in an effort to understand the intersection of physical security and cyber security at civilian nuclear facilities.

This report in part responds to the growing concern among some that hackers and terrorists could launch a digital attack against a nuclear facility, thereby threatening the public with radiation should a meltdown occur and/or potentially undermining popular confidence in civilian nuclear energy.

“Cyber security is still new to many in the nuclear industry,” said Caroline Baylon, the report’s author. “They are really good at safety and, after 9/11, they’ve got really good at physical security. But they have barely grappled with cyber.”

Through their interviews, researchers at Chatham House uncovered a number of “major challenges” confronting civilian nuclear facilities. One of the key problems identified in the report is the conventional belief that civilian nuclear facilities are protected against digital attacks because their networks are air-gapped, or isolated from the public web. This belief was proved false in 2010 when Stuxnet, a computer worm whose attack vectors were recently discovered to still be viable through the vulnerability CVE-2015-0096, caused physical damage to the centrifuges at Iran’s Natanz nuclear facilities after being introduced via a USB device.

Other challenges include the following:

  • A lack of training, as well as communication breakdowns between engineers and security personnel, means that personnel at nuclear facilities are not adequately knowledgeable about cyber security risks.
  • Many facilities adopt reactive rather than proactive approaches to cyber security, which means that a nuclear facility might not detect an attack until it is already under way, if at all.

Researchers at Chatham House go on to suggest in a blog post a number of recommendations that civilian nuclear facilities can use to improve their cyber security readiness. These include developing procedures that allow them to measure cyber security risk, implementing ongoing employee awareness training, and creating rules that promote “IT hygiene.”

Tripwire

 
