Nuclear plants in denial over risks of cyber attack: Report

LONDON • The risk of a serious cyber attack on nuclear power plants around the world is increasing, a report by the influential British think-tank Chatham House has warned.

The civil nuclear infrastructure in most nations was not well prepared to defend against such attacks, said the report, quoted by the BBC. It added that many of the control systems for infrastructure were "insecure by design" because of their age.

Chatham House studied cyber defences in power plants around the world over an 18-month period, the BBC said. It concluded that cyber criminals, state-sponsored hackers and terrorists were all increasing their online activity with the result that the risk of a significant Internet-based attack was "ever present".

Such an attack on a nuclear plant, even if small-scale or unlikely, needed to be taken seriously because of the harm that would follow if radiation was released.

"Cyber security is still new to many in the nuclear industry," said the report's author, Ms Caroline Baylon, a research associate for science, technology and cyber security at Chatham House's International Security Department.

She told London's Financial Times that the nuclear industry was good at safety and, after 9/11, at physical security. "But they have barely grappled with cyber," she said.

The BBC said the report noted that there was a "pervading myth" that computer systems in power plants were isolated from the Internet and were immune to the kind of cyber attacks that have affected other industries.

However, it said, this so-called "air gap" between the public Internet and nuclear systems was easy to breach with "nothing more than a flash drive". It gave as an example the destructive Stuxnet computer virus that infected Iran's nuclear facilities.

Ms Baylon said there was a "culture of denial" at many nuclear plants.

The ComputerWeekly website highlighted the report's conclusion that the digitisation of systems and increasing reliance on commercial software were increasing the risks to the nuclear industry.

The BBC said researchers for the report had also found evidence of virtual networks and other links to the public Internet on nuclear infrastructure networks. Some of these had been forgotten or were simply unknown to those in charge of these organisations, the report said.

A version of this article appeared in the print edition of The Straits Times on October 06, 2015, with the headline 'Nuclear plants in denial over risks of cyber attack: Report'. Print Edition | Subscribe