Growing cyber threat on nuclear facilities
October 6, 2015
Operators of nuclear power plants around the world are struggling to respond to the rising threat posed by cyberattacks from hacktivists, terrorist groups, foreign states and cyber criminals, according to report released Monday by the British think tank Chatham House.
"As cyber criminals, states and terrorist groups increase their online activities, the fear of a serious cyberattack is ever present," said the report, the result of 18 months of research. "This is of particular concern because of the risk - even if remote - of a release of ionizing radiation as a result of such an attack."
The report suggested that even a small cyber security incident or shutting off the power "would be likely to have a disproportionate effect on public opinion and the future of the civil nuclear industry."
The nuclear industry has paid more attention to physical protection than cyber security and as a result "exploiting weaknesses in digital technology could be the most attractive route for those seeking to attack nuclear facilities," the report said.
The Stuxnet worm attack - believed to be developed by the United States and Israel - on Iran's Natanz nuclear enrichment facility and Bushehr nuclear power plant heralded a new era in cyber threats to nuclear facilities and showed that facilities are vulnerable from a variety of sources, the report said.
The Stuxnet worm destroyed about 1,000 centrifuges in Iran, and is also suspected to have attacked a Russian facility in 2010. The report noted that cyber criminals are now able to copy the advanced malware of Stuxnet giving them greater sophistication.
"There is a pervading myth that nuclear facilities are 'air gapped' - or completely isolated from the public Internet - and that this protects them from cyberattack," said Chatham House, adding the case of Stuxnet has shown so-called air gaps can be overcome with a flash drive.
Nuclear facilities increasingly have private networks and connections that can be breached by a cyberattack. A cyber attacker could access a nuclear operator's outside network in order to work their way unnoticed into the digital world of the nuclear facility. Attackers could also enter a network through vulnerable supply chains in equipment used at a facility.
In addition to Stuxnet, there have been several other reports of nuclear facilities being hit by cyberattacks, which the study suggests represents the "visible part of a much more serious problem."