Nuclear facilities around the world are at risk of cyber-attack, according to a new report from the think tank Chatham House.
'Cyber Security at Civil Nuclear Facilities: Understanding the Risks' is the result of an 18-month study that draws on in-depth interviews with 30 leading industry practitioners based in more than eight countries.
The report found that as facilities incorporate computer technology into their core systems, plant personnel may be unaware of how vulnerable they are to cyber-attack. This lack of awareness means that many plants are inadequately prepared to deal with potential attacks.
It says that there have already been a number of incidents of cyber interference in nuclear power stations, a problem that is expected to get worse with the ‘relentless rise’ in cyber-crime.
One of the most prominent examples was an attack on an Iranian nuclear facility in 2010 by the Stuxnet worm.
Tony Berning, senior manager at security firm OPSWAT, said that compromised portable media represents the greatest threat to nuclear systems because many are shut off from external networks such as the internet.
“As attacks become more sophisticated, and digital control systems increase in complexity and levels of automation, it is increasingly difficult to prevent threats from impacting the operation of critical infrastructure,” he said.
“Portable media is a primary vector for cyber-attack; it is often the only way to transport files to and from secure areas. As key attack vectors for malware, it is extremely important that extra attention is placed on securing the portable media devices that are brought in and out of a secure facility.”
Berning said the protection of critical infrastructure was essential but that effectively securing portable media devices was a difficult task and individual facilities may require unique security policies.
The report states that the cyber risk to nuclear facilities will require constant evaluation and response but the nuclear industry is only just beginning to come to grips with this ‘insidious threat’.