‘Risk of cyber-attacks on nuclear plants on the rise’
06 Oct 2015
The risk of a "serious cyber-attack" on nuclear power plants around the world is growing, warns a report.
The civil nuclear infrastructure in most nations is not well prepared to defend against such attacks, the report published by the influential Chatham House think tank said.
Many of the control systems for the infrastructure were "insecure by design" because of their age, it said.
The report studied cyber defences in power plants around the world over an 18-month period.
Cyber criminals, state-sponsored hackers and terrorists were all increasing their online activity, it said, meaning that the risk of a significant net-based attack was "ever present".
Such an attack on a nuclear plant, even if small-scale or unlikely, needed to be taken seriously because of the harm that would follow if radiation were released.
In addition, it said "even a small-scale cyber security incident at a nuclear facility would be likely to have a disproportionate effect on public opinion and the future of the civil nuclear industry".
Unfortunately, research carried out for the study showed that the UK's nuclear plants and associated infrastructure were not well protected or prepared because the industry had converted to digital systems relatively recently.
This increasing digitisation and growing reliance on commercial software is only increasing the risks the nuclear industry faces.
There was a "pervading myth" that computer systems in power plants were isolated from the internet at large and because of this were immune to the kind of cyber attacks that have dogged other industries.
However, it said, this so-called "air gap" between the public internet and nuclear systems was easy to breach with "nothing more than a flash drive".
It noted that the destructive Stuxnet computer virus infected Iran's nuclear facilities via this route (See: Russian scientists raise alarm over Stuxnet damage at Iran's Bushehr N plant).