Countries Unprepared for Attacks on Nuclear Facilities: Report

Many countries are not prepared to handle cyberattacks targeting their nuclear facilities, according to a new report from the Nuclear Threat Initiative (NTI).

NTI is a non-partisan, non-profit organization that focuses on strengthening global security by reducing the risk of use and preventing the spread of chemical, biological and nuclear weapons.

The organization’s third Nuclear Security Index assesses the preparedness of countries when it comes to protecting their nuclear facilities against sabotage and cyber attacks.

The 2010 Stuxnet incident in Iran clearly demonstrated the threat posed by cyberattacks to nuclear facilities. However, according to the 2016 NTI Index, while some countries have started taking steps to protect nuclear facilities against hacker attacks, many still don’t have proper laws and regulations in place.

A cyberattack on a nuclear facility could have serious consequences, as it could be used to facilitate the theft of nuclear materials or to sabotage the facility.

“For example, access control systems could be compromised, thus allowing the entry of unauthorized persons seeking to obtain nuclear material or to damage the facility,” NTI said in its report. “Accounting systems could be manipulated so that the theft of material goes unnoticed. Reactor cooling systems could be deliberately disabled, resulting in a Fukushima-like disaster.”

NTI has determined that of the 24 countries with weapons-usable nuclear materials and the 23 states with nuclear facilities, only 13 deserve the maximum cybersecurity score of 4. These countries are the United States, Canada, the United Kingdom, Australia, Russia, Belarus, Taiwan, Bulgaria, Finland, France, the Netherlands, Switzerland, and Hungary.

On the other hand, 20 countries got the minimum score as they do not have even the basic requirements for protecting their nuclear facilities against attacks from cyberspace. Worryingly, some of the states that scored 0 have been expanding the use of nuclear power.

These scores are based on the answers to a series of questions focusing on a state’s cyber security requirements for nuclear facilities, including protection for critical digital assets, inclusion of cyber threats in threat assessments, and the existence of a performance-based program.

Over the past two years, eight states have passed new laws and regulations or updated existing ones to strengthen cybersecurity requirements, which has resulted in improved scores in the NTI Index. The list includes the United Kingdom, Russia, France, South Africa and Pakistan.

“Given the potential consequences, all states must work aggressively to ensure that their nuclear facilities are protected from cyber attacks. Governments should include the cyber threat within the national threat assessment for their nuclear facilities, and they should put in place a clear set of laws, regulations, standards, and licensing requirements for all nuclear facilities that require protection of digital systems from cyber attacks,” NTI said. “At the facility level, leadership must prioritize cybersecurity, determine potential consequences, and implement a program that ensures that digital assets and networks are characterized and secured and that the security is routinely tested.”

A report released in October 2015 by Chatham House revealed that the global nuclear industry still doesn’t fully understand the risk posed by cyberattacks. The study, focusing on civil nuclear facilities, showed that this sector had fallen behind other industries.

The Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) in the United States said earlier this month that of the 295 critical infrastructure incidents reported to the organization in the fiscal year 2015, two percent were recorded in the nuclear reactors, materials and waste sector.

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.
