Recent reports from the Nuclear
Threat Initiative and Chatham
House, both find that nuclear facilities in many countries are “easy
targets for cyberattacks.” Among problems cited in the reports are a significant
nuclear presence, few government regulations, and inadequate or corrupt
oversight of nuclear facilities.
The reports highlight important issues, but are
disappointing in that they provide little insight into the raw data used to
draw their conclusions. Both reports talk about regulations existing in some
jurisdictions and not in others, and also cite cybersecurity elements of
regulations in some jurisdictions, but not others, but provide no sources.
References to the regulations examined by the authors would help everyone
interested in a deeper understanding access those regulations to understand
them better.
The reports do highlight an important fact – for all the
talk of cybersecurity vulnerabilities, many of the older reactors in the world
are still controlled with analog controls, and those controls are immune to
digital cybersabotage/compromise attempts. Newer reactors though, use digital controls
and so are of greater concern. And even those reactors with analog controls for
the reactor core may use digital controls for other aspects of the reactors,
such as controls for cooling equipment. It was after all, cooling equipment
that was damaged in the Fukishima tsunami, and whose failure ultimately
resulted in explosions and the release of large amounts of radioactive
materials.
Cyberattack tools, like any other software, continue to
evolve and develop more features. As a result, cybersecurity attacks only
become more sophisticated over time. What is today’s “advanced attack” is
tomorrow’s script-kiddie tool. Nuclear generators should be leading the way for
both physical and cybersecurity for industrial control systems. All industrial
sites should be looking to the attacks of concern to nuclear generators and the
defensive systems being deployed to deflect such attacks. What is of concern today
to only nuclear sites will be every ICS site’s problem in only a handful of
years.
Physical and cybersecurity at nuclear sites is a difficult
problem. At Waterfall Security Solutions, we are proud to be part of the
cybersecurity solution at nuclear generators throughout the USA, as well as in
Japan, South Korea and Spain. Waterfall’s Unidirectional Security Gateways
block 100 percent of network attacks originating on external networks at
nuclear generators in these and other jurisdictions.
For more information
on best practices for securing critical infrastructure, visit our Resources page.