Nuclear Industry Vulnerable to Cyber Attacks
The nuclear industry has strong mechanisms in place to prevent or mitigate a cyber-attack, but more work needs to be done, especially in the battle against complacency.
Nuclear plants can be attacked in a variety of ways, both from inside and outside their walls, and these malicious tactics are constantly evolving. In fact, according to the Nuclear Threat Initiative (NTI), the frequency of cyber-attacks in the nuclear industry has risen significantly since 2000 on a global scale.
The Good, the Bad, and the Ugly of Nuclear Industry Cybersecurity
There are several good ways that nuclear power plants can defend against system hacking. These include:
- Preventing employees from bringing devices into the plant, such as laptops, flash drives, tablets and even cell phones
- Limiting access to systems by subcontractors and vendors
- Utilizing “SCRAM” protocols – which refer to the immediate shutdown of a plant via the insertion of control rods into the reactor
- Physically isolating the plant’s computers or network from the internet – this is known as an “air gap”
In addition, nuclear plants are required to submit cybersecurity plans to the Nuclear Regulatory Commission (NRC), and they also receive regular briefings from the FBI and DHS.
Unfortunately, some of these methods can be compromised and turn bad. For example, air gaps are considered a strong method of protection, but there are often obscure, unknown network connections that can be forgotten, providing a backdoor for an attack.
Further, nuclear plants require the transmission of files in and out of their networks for various reasons, providing yet another difficult-to-detect entry point.
In addition, it is extremely difficult if not impossible to control employees 100% of the time. Whether by malice or ignorance, sometimes employees themselves can compromise security.
The weak point is human complacency. While the U.S. nuclear industry is ahead of the curve relative to other countries, cyber-attack tactics are constantly evolving. Cyber experts must make sure that they keep their fingers on the pulse of hacking tactics, and quickly communicate when new approaches are discovered. Otherwise, things could get real ugly, real quick!