Cybersecurity at Nuclear Facilities – Now or Never
Cybersecurity Threats at Nuclear Facilities
The safety and security of nuclear facilities should be a top priority for both the public and private sector alike. Nuclear plants are primary targets for adversaries seeking to create multilateral disruptions. A successful nuclear spill shuts down the energy source at a minimum. However, on the other end of the spectrum could kill a lot of people in a wide-area around the facility.
For years, the government has provided leadership in community preparedness and safety policies around and in these facilities. Though enhancements to physical security are important, it is time to put a primary focus on improving cybersecurity measures. Nuclear facilities have grown to rely on digitally connected networks that are highly susceptible to cyber-attacks. They are now home to some of the country’s most sensitive data and technology. Meaning, unauthorized access may cause (or lead to) a spill that could be catastrophic.
A successful cyber-attack would advantage hackers with the opportunity to create mayhem without ever stepping foot on-site. Just think, exploiting one vulnerability could trigger a meltdown or system failure allowing a nuclear release. This is a consequence neither the government, private sector or citizen can allow to ever occur.
Several national and international organizations have collaborated to strengthen cybersecurity efforts at nuclear facilities, but seemingly have fallen short. However, the first step in solving any problem is admitting it exists. In this regard, it appears the good guys are on the right track.
The Nuclear Threat Initiative (NTI) gathered a group of experts with various technological and operational backgrounds to create a strategy to reduce risk in this area. Their efforts were aimed at addressing the evolving threats to nuclear facilities. Over the course of 12 months, they identified 3 main priorities and actions that would significantly reduce the number of successful cyber-attacks jeopardizing nuclear facility safety (and the people working in them).
- Proactive Defense: Cybersecurity breaches are inevitable. As we know, it’s not a matter of IF, but WHEN they occur. But there is a significant difference between the companies, facilities, and/or people who are prepared versus those who are not. Having an immediate response in place after a breach occurs is crucial, it may determine the amount of nuclear material stolen or the number of people that’ll be affected. However, the global shortage of cybersecurity and technical professionals hinders the ability to create these proactive defenses. Incorporating STEM programs in elementary and middle schools is a start but grasping the attention of young professionals should take priority.
- Reducing complexity: As mentioned before, nuclear facilities rely on a system of digitally connected networks that are often not completely up-to-date. Though eliminating the entire digital framework is not feasible, identifying excess functionalities and removing them is a start. In addition, working with vendors to transition to non-digital systems and secure-by-design products can ensure the average non-technical cybersecurity employee feels well-equipped and in control should a security emergency arise.
- Encourage Transformation: The reality of cyber threats is a rather new phenomenon for the average person in the global community. Though there are cybersecurity specialists and others who understand the complexity of what’s at stake, many do not. Therefore, it’s imperative for both the private and public sectors to fund educational workshops that discuss the varying technologies and threats surrounding them. Cybersecurity is not a one-man job – in fact, it’s one of the few jobs that falls onto everyone’s lap. The cyber-nuclear field demands highly qualified individuals, but the only way to get them is to invite to be part of the conversation.
It is Now or Never
Clearly, we need to make progress as partners, both in the United States and across the globe. From the hack of Korea Hydro and Nuclear Power in South Korea to the Stuxnet attacks on the Natanz uranium enrichment facility in Iran, we have seen the talent and determination of hackers. They will eventually get access to their target and will not stop until they do. Now, knowing these sophisticated cybercriminals will continue to be one step ahead, we should be working twice as hard to mitigate vulnerabilities and minimize consequences. It makes too much common sense.
Yes, it is true. Cybersecurity efforts must be taken seriously across all critical infrastructures; but especially at nuclear facilities. If not, the consequences can be explosive, literally. Nuclear energy being the face of our future, so it is important to build and maintain a cyber-physical approach to managing risks. The number of hackers with malicious intentions will undoubtedly increase as we continue to make security improvements at nuclear facilities. The question is, will the good guys or the hackers meet their goals first? Or, will we keep dragging our feet and hope hacktivist overlook this ripe target as they look for their next victim or cause?