Nuclear Facilities Have Poor Cyber Security

Uploaded on 2015-10-14 in NEWS-Cybersecurity News, FREE TO VIEW, BUSINESS-Production-Energy

According to Chatham House, the nuclear industry is falling behind other industries when facing cyber security.

A new report  reveals that civilian nuclear facilities are not paying adequate attention to developing “cyber security readiness”.

According to the executive summary of “Cyber Security at Civil Nuclear Facilities: Understanding the Risks“, the Royal Institute of International Affairs at well known think tank Chatham House conducted in-depth interviews with 30 industry practitioners, policy-makers, and academics over the past year in an effort to understand the intersection of physical security and cyber security at civilian nuclear facilities.

This report in part responds to the growing concern among some that hackers and terrorists could launch a digital attack against a nuclear facility, thereby threatening the public with radiation should a meltdown occur and/or potentially undermining popular confidence in civilian nuclear energy.

“Cyber security is still new to many in the nuclear industry,” said Caroline Baylon, the report’s author. “They are really good at safety and, after 9/11, they’ve got really good at physical security. But they have barely grappled with cyber.”

Through their interviews, researchers at Chatham House uncovered a number of “major challenges” confronting civilian nuclear facilities. One of the key problems identified in the report is the conventional belief that civilian nuclear facilities are protected against digital attacks as a result of their networks being air-gapped, or isolated from the public web. This perspective was proved false in 2010 when Stuxnet, a computer worm whose attack vectors were recently discovered to still be viable via the use of the vulnerability CVE-2015-0096, caused physical damage to the centrifuges at Iran’s Natanz nuclear facilities after being introduced via the use of a USB device.

Other challenges include the following:

  • A lack of training as well as communication breakdowns between engineers and security personnel means that personnel at nuclear facilities are not adequately knowledgeable about cyber security risks.
  • Many facilities adopt reactive and not proactive approaches to cyber security, which means that a nuclear facility might not detect an attack (if at all) until it is already under way.

Researchers at Chatham House go on to suggest in a blog post a number of recommendations that civilian nuclear facilities can use to improve their cyber security readiness. These include developing procedures that allow them to measure cyber security risk, implementing ongoing employee awareness training, and creating rules that promote “IT hygiene.”

Tripwire

 

« CyberCollaborate Platform Promotes Access to UK Cyber Security Innovators
The Blockchain Might Be The Next Disruptive Technology »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Cyber Security Supplier Directory

Cyber Security Supplier Directory

Our Supplier Directory lists 6,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

TrustedSec

TrustedSec

TrustedSec is an information security consulting services, providing tailored solutions and services for small, mid, and large businesses.

Black Hat Briefings

Black Hat Briefings

The Black Hat Briefings are a series of highly technical information security conferences that bring together thought leaders from all facets of the infosec world.

TestingXperts

TestingXperts

TestingXperts is a specialist software QA and testing company.

Comiq

Comiq

Comiq provide software quality assurance, testing and project management services. Areas of expertise include cybersecurity.

Black Kite

Black Kite

Black Kite (formerly NormShield) provides comprehensive Security-as-a-Service solutions focused on cyber threat intelligence, vulnerability management and continuous perimeter monitoring.

SIS Certifications (SIS CERT)

SIS Certifications (SIS CERT)

SIS Certifications is an ISO certification body serving more than 10,000 clients in over 15 countries worldwide.

FraudWatch International

FraudWatch International

FraudWatch has been protecting client brands around the world since 2003, and are the leaders in online brand protection from phishing, malware, social media and mobile apps impersonation.

Enclave Networks

Enclave Networks

Our mission is to give IT professionals a simple way to rapidly build secure connectivity between any application, computer system, device or infrastructure - regardless of the underlying network.

Focal Point

Focal Point

We aspire to be the focal point for Medium and Small size companies providing 24/7 cyber security advice, services and solutions.

CyberLab

CyberLab

CyberLab (formerly Chess) is a specialist cyber security company that provides a wide range of security solutions and services.

Bright Security

Bright Security

Bright Security is a developer-centric Dynamic Application Security Testing (DAST) solution that helps organizations ship secure applications and APIs quickly and cost-effectively.

LayerX Security

LayerX Security

LayerX's user-first browser security platform turns any browser into the most protected & manageable workspace, by providing real-time monitoring and governance over users’ activities on the web.

Cyberani Solutions

Cyberani Solutions

Cyberani Solutions was created to fulfill the cybersecurity needs of industry and government in Saudi Arabia, and across the Middle East and North Africa regions.

Circle Security

Circle Security

Circle’s breakthrough security API unifies solutions for identity and data security into one architecture and empowers organizations to secure their identity, data and privacy in their applications.

StepSecurity

StepSecurity

StepSecurity provides a comprehensive security platform for GitHub Actions.

Dedagroup (Deda)

Dedagroup (Deda)

Dedagroup provide application solutions and IT services to bring innovation at the core of business processes.