author photo
By SecureWorld News Team
Thu | Nov 16, 2017 | 8:01 AM PST

Think Nuclear Power plants are run by systems isolated from the outside world?

Think again, says a study by Chatham House at The Royal Institute of International Affairs.

This fact even surprises plant operations teams, who sometimes do not know about new connections to the web.

Now that's unsettling.

Here are the top 6 findings on cybersecurity vulnerabilities at civilian nuclear power plants.

  1. The conventional belief that all nuclear facilities are ‘air gapped’ (isolated from the public internet) is a myth. The commercial benefits of internet connectivity mean that a number of nuclear facilities now have VPN connections installed, which facility operators are sometimes unaware of.

  2. Search engines can readily identify critical infrastructure components with such connections.

  3. Even where facilities are air gapped, this safeguard can be breached with nothing more than a flash drive.

  4. Supply chain vulnerabilities mean that equipment used at a nuclear facility risks compromise at any stage.

  5. A lack of training, combined with communication breakdowns between engineers and security personnel, means that nuclear plant personnel often lack an understanding of key cybersecurity procedures.

  6. Reactive rather than proactive approaches to cybersecurity contribute to the possibility that a nuclear facility might not know of a cyber attack until it is already substantially under way.      

Think "Equifax Breach" except with the side effect being a possible nuclear meltdown.

Or maybe that is too much to think about.

This sentence from a report on the study sums up the findings:

"...the trend to digitization, when combined with a lack of executive-level awareness of the risks involved, means that nuclear plant personnel may not realize the full extent of their cyber vulnerability and are thus inadequately prepared to deal with potential attacks."

More Americans living within 50 miles of nuclear power plants

An MSNBC report says 116 million people live within a few miles of nuclear power plants, and that population is growing.

Of the 100 most populous U.S. Cities, "26 have a nuclear plant within 50 miles: New York, Chicago, Philadelphia (3 different plants nearby), Phoenix, San Diego, Fort Worth, Charlotte (2 plants), Detroit, Baltimore, Boston (2 plants), Washington, Virginia Beach and Norfolk, Omaha, Raleigh and Durham, Miami, Cleveland, Minneapolis and St. Paul (2 plants), New Orleans, Pittsburgh, Toledo (2 plants), Newark, Baton Rouge, and Rochester, N.Y."

With so many of us living in the shadow of a civilian nuclear power plant, hopefully, the nuclear industry will takes steps to increase its cybersecurity.

This is yet another intersection where cybersecurity and physical security merge together. 

Comments