20150930CyberSecurity

Chatham House: Nuke Plants Vulnerable to Cyber Attack

Chatham House has released an important study on the vulnerabilities of nuclear power plants to cyber attacks.  You can find the whole report here.

Specific findings include:

  • The conventional belief that all nuclear facilities are ‘air gapped’ (isolated from the public internet) is a myth. The commercial benefits of internet connectivity mean that a number of nuclear facilities now have VPN connections installed, which facility operators are sometimes unaware of.
  • Search engines can readily identify critical infrastructure components with such connections.
  • Even where facilities are air gapped, this safeguard can be breached with nothing more than a flash drive.
  • Supply chain vulnerabilities mean that equipment used at a nuclear facility risks compromise at any stage.
  • A lack of training, combined with communication breakdowns between engineers and security personnel, means that nuclear plant personnel often lack an understanding of key cyber security procedures.
  • Reactive rather than proactive approaches to cyber security contribute to the possibility that a nuclear facility might not know of a cyber attack until it is already substantially under way.

– See more at: https://www.chathamhouse.org/publication/cyber-security-civil-nuclear-facilities-understanding-risks#sthash.kuamiRKl.dpuf