12 Dec (NucNet): The “static” cybersecurity architecture at today’s nuclear facilities is not effective enough on its own to prevent a breach by a determined adversary, according to a report from the Washington-based Nuclear Threat Initiative (NTI). The report, ‘Outpacing Cyber Threats: Priorities for Cybersecurity at Nuclear Facilities’, says breaches will occur and having an effective response is crucial. Nuclear facilities need to develop the means to respond once a compromise occurs. Such action is essential but “remains challenged” by the global shortage of technical experts. The report says cyber threats against nuclear facilities are on the rise and governments, industry, and international organisations must increase their focus and accelerate efforts to protect against a cyberattack with potentially catastrophic consequences. Although there has been unprecedented progress in the security of nuclear materials and facilities over the last decade, the cyber threat has increased. Case after case – from the Stuxnet attacks on the Natanz uranium enrichment facility in Iran, to the hack of Korea Hydro and Nuclear Power in South Korea and “disturbing revelations” of malware found on systems at a German nuclear power plant – demonstrates that the current approach to cybersecurity at nuclear facilities is not equal to the challenge, the report says. The report calls for cybersecurity should be institutionalised with the implementation of “robust processes and practices”. It also says nuclear operators should reduce the complexity of their digital systems. Today’s nuclear facilities consist of more than 1,000 such systems. “Governments and regulators should support – with financial, personnel, and research resources – facility efforts to characterise networks, understand functionalities and interactions, and ultimately minimise complexity in critical systems.” The report is online: http://bit.ly/2h6IhoU
