Nuclear Facilities Have Poor Cyber Security

According to Chatham House, the nuclear industry is falling behind other industries when it comes to cyber security.

A new report reveals that civilian nuclear facilities are not paying adequate attention to developing “cyber security readiness”.

According to the executive summary of “Cyber Security at Civil Nuclear Facilities: Understanding the Risks”, the Royal Institute of International Affairs at the well-known think tank Chatham House conducted in-depth interviews with 30 industry practitioners, policy-makers, and academics over the past year in an effort to understand the intersection of physical security and cyber security at civilian nuclear facilities.

This report in part responds to the growing concern among some that hackers and terrorists could launch a digital attack against a nuclear facility, thereby threatening the public with radiation should a meltdown occur and/or potentially undermining popular confidence in civilian nuclear energy.

“Cyber security is still new to many in the nuclear industry,” said Caroline Baylon, the report’s author. “They are really good at safety and, after 9/11, they’ve got really good at physical security. But they have barely grappled with cyber.”

Through their interviews, researchers at Chatham House uncovered a number of “major challenges” confronting civilian nuclear facilities. One of the key problems identified in the report is the conventional belief that civilian nuclear facilities are protected against digital attacks because their networks are air-gapped, or isolated from the public web. This perspective was proved false in 2010 when Stuxnet, a computer worm, caused physical damage to the centrifuges at Iran’s Natanz nuclear facilities after being introduced via a USB device. The worm’s attack vectors were recently discovered to still be viable through the vulnerability CVE-2015-0096.

Other challenges include the following:

  • A lack of training as well as communication breakdowns between engineers and security personnel means that personnel at nuclear facilities are not adequately knowledgeable about cyber security risks.
  • Many facilities adopt reactive rather than proactive approaches to cyber security, which means that a nuclear facility might not detect an attack until it is already under way, if at all.

In a blog post, researchers at Chatham House go on to suggest a number of recommendations that civilian nuclear facilities can use to improve their cyber security readiness. These include developing procedures that allow them to measure cyber security risk, implementing ongoing employee awareness training, and creating rules that promote “IT hygiene.”

Tripwire

 
