Institutionalizing cybersecurity, reducing complexity, active defenses and transformative research should be a priority in reducing the risk of damaging cyberattacks at nuclear facilities, according to the Nuclear Threat Initiative (NTI).
While the Stuxnet attacks aimed at Iran are the most well-known, nuclear facilities in Germany and South Korea have also been hit by cyberattacks. European Union officials have also raised concerns about the possibility of attacks against Belgium’s nuclear plants.
Reports published in the past months warned that countries are not prepared to handle attacks targeting their nuclear facilities, and the nuclear industry still underestimates cyber security risk.
A report published on Wednesday by the NTI provides a set of recommendations for improving cyber security at nuclear facilities based on a 12-month analysis conducted by an international group of technical and operational experts.
One of the most important priorities involves institutionalizing cybersecurity. Specifically, nuclear facilities should learn from their safety and physical security programs and integrate these practices into their cybersecurity programs.
Governments and regulators can also contribute by prioritizing the development and implementation of regulatory frameworks and by attracting skilled people into this field. International organizations have been advised to provide guidance and training, and support cooperation and an increased focus on cybersecurity through dialog and best practices.
Another priority should be active defenses. Experts pointed out that a determined adversary will likely be capable of breaching the systems of a nuclear facility and organizations must be prepared to efficiently respond to such incidents.
Sharing threat information, incident response exercises, more resources from governments, and the development of active defense capabilities are some of the recommendations for addressing this issue, but experts admit that it’s not an easy task due to the global shortage of technical experts.
SAVE THE DATE: ICS Cyber Security Conference | Singapore – April 25-27, 2017
Reducing the complexity of digital systems should also be a priority for nuclear facilities. Experts recommend minimizing the complexity of digital systems and even replacing them with non-digital or secure-by-design products.
Finally, the NTI recommends conducting transformative research with the goal of developing hard-to-hack systems for critical applications. The list of actions includes governments investing in transformative research, the nuclear industry supporting the cybersecurity efforts of relevant organizations, and international organizations encouraging creativity for mitigating cyber threats.
“Today’s defenses are no longer adequate, and a fresh look at how to best protect nuclear facilities from cyberattack is needed,” experts wrote in the NTI report. “The threat is too great, and the potential consequences are too high, to remain comfortable with the status quo.”
The complete report, titled Outpacing Cyber Threats: Priorities for Cybersecurity at Nuclear Facilities, is available on the NTI’s website in PDF format.
Related: Nuclear Agency’s Cybersecurity Center Not Optimized
Related: Systems at Nuclear Regulatory Commission Hacked Multiple Times
Related: Former Nuclear Agency Worker Sentenced to Prison for Attempted Hack