Nuclear Power Plants Could Benefit from Better Cybersecurity

In the fast-growing world of digital connectedness, those in the financial, digital information and healthcare sectors know they need to protect against cyber attacks. But what about the nuclear industry? Is there a reason to ramp up cybersecurity around nuclear plants?
The short answer: yes.
Following a December cyber attack that caused a power outage in Ukraine, concerns have mounted regarding cybersecurity in the nuclear sector. In fact, The Washington Post recently reported that “the stakes are even higher in the nuclear space because of the potentially devastating results of a malfunction — or the possibility someone could create an opportunity to steal nuclear materials.”
These concerns have come amid the lifting of sanctions on Iran — that’s noteworthy because the sanctions were put in place largely due to the country’s stance on nuclear power. As The Economist explains, “preventing a country’s production of nuclear materials that can be used in weapons is just one counter-proliferation measure. Another is to protect against current stockpiles falling into the wrong hands, or better yet, to ensure countries have nothing to steal by eliminating their stocks altogether.”

How can nuclear facilities safeguard against cyber threats?

The US Nuclear Regulatory Commission (NRC) explains that much of the day-to-day monitoring and operating of nuclear power plants is done either digitally or on analog. Critical digital assets are interconnected with plant safety, security and emergency preparedness functions, which are isolated from the internet, providing a certain degree of protection from cyber attacks.
Still, that doesn’t mean these facilities are entirely safe from cyber attacks. And unfortunately, a recent study by the Nuclear Threat Institute (NTI) shows that nuclear facilities across 20 nations are sorely lacking the “basic requirements to protect nuclear facilities from cyber attacks.”
Ahead of the final Nuclear Security Summit (scheduled for March 31 to April 1), the NTI’s Nuclear Security Index is showing that progress in reducing the “threat of catastrophic nuclear terrorism” has slowed, leaving major gaps in the global nuclear security system. The aim of the index is to assess how well countries are protecting their nuclear facilities against sabotage, as well as cyber attacks.
“The current global nuclear security system has dangerous gaps that prevent it from being truly comprehensive and effective,” Nuclear Threat Initiative President Joan Rohlfing commented recently, adding that “[u]ntil those gaps are closed, terrorists will seek to exploit them.”
The NTI states that while some countries have been taking steps to mitigate the potential for cyber attacks on their nuclear facilities, many still lack the laws and regulations required to provide effective cybersecurity.
To determine how countries rank in terms of overall nuclear security conditions, the NTI looked at national-level policies, actions and other factors that impact the country. To gauge a country’s risk for either theft or sabotage, NTI looked at five categories: quantities and sites; security and control measures; global norms; domestic commitments and capacity; and finally risk environment.

The organization notes that of the 24 countries with weapons-usable nuclear materials, only nine of them were awarded a maximum score for the cybersecurity indicator, and seven received a score of zero. On the other hand, of the 23 companies surveyed with nuclear facilities and no weapons-usable materials, four were granted a maximum score whereas 13 scored zero. These figures indicate that nuclear facilities are, for the most part, unprepared for the growing threat of cyber attacks.

The upshot

The Economist highlights that though progress is being made at improving nuclear safety, there is still a ways to go. In the meantime, there is “a growing risk of sabotage by a number of methods which includes cyber attacks.” Notably, some 45 countries overall have some form of nuclear facility that “would be vulnerable to a radiological leak on the same scale as the Fukushima disaster.”
The most “at risk” countries are Iran and North Korea; however, developing countries with nuclear programs, such as Egypt and Algeria, are also less secure.
 
Securities Disclosure: I, Vivien Diniz, hold no direct investment interest in any company mentioned in this article.