Should You Be Afraid of Cyber-Attacks on Nuclear Power Plants?

By Andrea Peterson, The Washington Post | Updated: 18 January 2016 14:39 IST

Twenty countries with nuclear weapon materials or nuclear power plants "do not even have basic requirements to protect nuclear facilities from cyber-attacks," according to a new report from a nonproliferation watchdog group.

The Nuclear Threat Initiative's finding comes in the wake of reports from researchers that a cyber-attack last month caused a power outage in Ukraine, raising new concerns about the ability of the industrial sector to prevent digital attacks. And the stakes are even higher in the nuclear space because of the potentially devastating results of a malfunction - or the possibility someone could create an opportunity to steal nuclear materials.

In preparing its latest global ranking of nuclear security risks, NTI for the first time asked basic questions about regulations addressing how to protect nuclear facilities from cyber-attacks. "What we have observed is what I call enormous unevenness on the global stage to address this issue," said Page Stoutland, the group's vice president for scientific and technical affairs and one of the report's authors. The United States and other nations with developed programs often had regulatory safeguards, he said, while countries now developing nuclear programs were less likely to have formal policies in place.

The report is based on a review of publicly available information by the group, so it does not take into account classified measures that may be in place. And just because certain precautions are not required, that doesn't necessarily mean nuclear facilities aren't taking steps to defend themselves against cyber-attacks.

But that isn't enough for Stoutland. "In our view it's still important that a country have some level of regulation for us to have any confidence that is actually happening," he said.

The US nuclear industry sees the threat of cyber-attacks as very real, but the current risk of a major incident here as very low, said William Gross, a senior project manager for engineering at the Nuclear Energy Institute. "We've been doing this for a long time, and we take this very seriously," he said.

Nuclear power plants in the United States keep their systems disconnected from the Internet or use hardware that separates business computer systems at plants from those that control nuclear operations to protect them from being attacked through the Web, according to the institute. In a report released last year, the Department of Homeland Security said that "[n]othing suggests that a cyber attack executed through the Internet could cause a nuclear reactor to malfunction and breach containment."

However, some research suggests the nuclear power industry at home and abroad remains at risk of digital attacks. A 2013 CNN report claimed that security researchers discovered connections to the command and control systems of nuclear power plants accessible online. And a report last year by London-based think tank Chatham House said there appears to be an "element of denial" among nuclear power plant operators about cyber-security risk.

"Often, nuclear facilities will have undocumented connections to the internet" that could provide a way for malicious hackers to infect their systems, the Chatham House report said. The issue may be compounded, according to the group, by a lack of disclosure in the nuclear industry when cyber-attacks occur that makes it hard to judge the true scope of the problem and could leave the industry with a false sense of security.

However, there are a few significant cyber incidents involving nuclear power plants we do know about. In 1992, a programmer at a Lithuanian nuclear plant was arrested on charges that he sabotaged its computer systems - highlighting the potential for threats from insiders who don't need to go through the Internet to get to computer systems.

In 2003, computers at the Davis-Besse nuclear power plant in Ohio were infected by a computer worm dubbed "Slammer." The worm disabled the software interface employees used to monitor system safety for almost five hours. Luckily, the reactor had been offline due to unrelated problems since the year earlier and there was an analog backup system not affected by the infection.

And in 2008, a Georgia nuclear power plant went into emergency shutdown for 48 hours due to a cyber incident. This wasn't an attack, but an issue caused when a contractor installed a software update on one computer that reset the data on a control system. That caused the system to incorrectly believe that the plant didn't have enough water to cool its nuclear fuel rods and triggered the safety precaution. The situation showed that even without a malicious actor, increased reliance on software and interconnected systems can come with new risks.

But nuclear power has always come with a certain amount of risk. And just like squirrels seem to currently be a bigger threat to our electrical grid than hackers, the most recent major incident involving a power plant had to do with a natural disaster: Japan's 2011 Fukushima plant disaster caused by a tsunami.

In fact, there is just one cyber campaign involving nuclear facilities reported to have caused physical damage - an attack on Iranian nuclear facilities by malware known as Stuxnet, thought to have been jointly developed by the United States and Israel. The malware destroyed nearly 1,000 of Iran's 6,000 centrifuges - machines used to enrich uranium. But according to Stoutland, the nuclear industry as a whole has more work to do to help prevent problems in the future. "Even those facilities in countries that are very aware of these issues and working very hard on these issues are struggling to play catch up," he said.

© 2016 The Washington Post

 
