A report from the think tank Chatham House said that nuclear power plants around the globe are vulnerable to cyberattacks and that the risk of cyber-oriented plant disasters is increasing.
The study said that cyber security at some nuclear power facilities is so lax that they rely on factory-set passwords to gain access. It also said that nuclear facilities are not isolated from the outside world, just because they are not hooked into the Internet. A virus can find its way to a nuclear power plant through a flash drive or a laptop computer. In addition, the report said, many nuclear facilities are “insecure by design,” simply because, due to their age, they were designed before cyberthreats were a major concern.
The report said breach of cybersecurity could have devastating consequences.
In addition, while both state-sponsored and domestic cyberattacks are growing in number, the nuclear power industry's cyber-isolation also works against it. First, “the infrequency of cybersecurity incident disclosure at nuclear facilities makes it difficult to assess the true extent of the problem,” the report said. This, said the report, could give the industry a false sense of security. “Moreover, limited collaboration with other industries or information-sharing means that the nuclear industry tends not to learn from other industries that are more advanced in this field,” according to the report.
The report calls for increased international cooperation and focused leadership. “The cybersecurity threat requires an organizational response by the civil nuclear sector, which includes, by necessity, knowledgeable leadership at the highest levels, and dynamic contributions by management, staff and the wider community of stakeholders, including members of the security and safety communities,” the report said.