Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

ICS/OT

Experts Propose Cybersecurity Strategy for Nuclear Facilities

Institutionalizing cybersecurity, reducing complexity, active defenses and transformative research should be a priority in reducing the risk of damaging cyberattacks at nuclear facilities, according to the Nuclear Threat Initiative (NTI).

Institutionalizing cybersecurity, reducing complexity, active defenses and transformative research should be a priority in reducing the risk of damaging cyberattacks at nuclear facilities, according to the Nuclear Threat Initiative (NTI).

While the Stuxnet attacks aimed at Iran are the most well-known, nuclear facilities in Germany and South Korea have also been hit by cyberattacks. European Union officials have also raised concerns about the possibility of attacks against Belgium’s nuclear plants.

Reports published in the past months warned that countries are not prepared to handle attacks targeting their nuclear facilities, and the nuclear industry still underestimates cyber security risk.

A report published on Wednesday by the NTI provides a set of recommendations for improving cyber security at nuclear facilities based on a 12-month analysis conducted by an international group of technical and operational experts.

One of the most important priorities involves institutionalizing cybersecurity. Specifically, nuclear facilities should learn from their safety and physical security programs and integrate these practices into their cybersecurity programs.

Nuclear Cyber Security

Governments and regulators can also contribute by prioritizing the development and implementation of regulatory frameworks and by attracting skilled people into this field. International organizations have been advised to provide guidance and training, and support cooperation and an increased focus on cybersecurity through dialog and best practices.

Another priority should be active defenses. Experts pointed out that a determined adversary will likely be capable of breaching the systems of a nuclear facility and organizations must be prepared to efficiently respond to such incidents.

Sharing threat information, incident response exercises, more resources from governments, and the development of active defense capabilities are some of the recommendations for addressing this issue, but experts admit that it’s not an easy task due to the global shortage of technical experts.

Advertisement. Scroll to continue reading.

SAVE THE DATE: ICS Cyber Security Conference | Singapore – April 25-27, 2017

Reducing the complexity of digital systems should also be a priority for nuclear facilities. Experts recommend minimizing the complexity of digital systems and even replacing them with non-digital or secure-by-design products.

Finally, the NTI recommends conducting transformative research with the goal of developing hard-to-hack systems for critical applications. The list of actions includes governments investing in transformative research, the nuclear industry supporting the cybersecurity efforts of relevant organizations, and international organizations encouraging creativity for mitigating cyber threats.

“Today’s defenses are no longer adequate, and a fresh look at how to best protect nuclear facilities from cyberattack is needed,” experts wrote in the NTI report. “The threat is too great, and the potential consequences are too high, to remain comfortable with the status quo.”

The complete report, titled Outpacing Cyber Threats: Priorities for Cybersecurity at Nuclear Facilities, is available on the NTI’s website in PDF format.

Related: Nuclear Agency’s Cybersecurity Center Not Optimized

Related: Systems at Nuclear Regulatory Commission Hacked Multiple Times

Related: Former Nuclear Agency Worker Sentenced to Prison for Attempted Hack

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Learn how the LOtL threat landscape has evolved, why traditional endpoint hardening methods fall short, and how adaptive, user-aware approaches can reduce risk.

Watch Now

Join the summit to explore critical threats to public cloud infrastructure, APIs, and identity systems through discussions, case studies, and insights into emerging technologies like AI and LLMs.

Register

People on the Move

Jessica Newman has joined Sophos as General Manager of Global Cyber Insurance.

Breach and attack simulation solutions provider AttackIQ has appointed Pete Luban as Field Chief Information Security Officer.

Matthew Cowell has assumed the role of VP of Strategic Alliances at Nozomi Networks. He previously served in the same role at Dragos.

More People On The Move

Expert Insights

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest cybersecurity news, threats, and expert insights. Unsubscribe at any time.