Nuke Power Plants Under-Armed To Take On Cyberattack, Report

The global nuclear facilities face a new and worrying threat---of being hit with a "serious cyber attack", at some point due to their rising dependence on digital systems. They use widely accessible software and most of the top executives, seem to lack awareness, according to a new report  from the British think tank Chatham House.

"The cyber security risk is growing as nuclear facilities become increasingly reliant on digital systems and make increasing use of commercial 'off-the-shelf' software, which offers considerable cost savings but increases vulnerability to hacking attacks," reads the report.

The study followed 18 months of examining 30 senior nuclear officials at plants and government executives of the United States, United Kingdom, Canada, France, Germany, Ukraine and Japan, reports BBC.

Although nuclear plants are equipped with good safety and physical security after Sept. 11, 2001, the cyber security standards are not up to the mark, according to HNGN.

"The trend to digitization, when combined with a lack of executive-level awareness of the risks involved, also means that nuclear plant personnel may not realize the full extent of this cyber vulnerability and are thus inadequately prepared to deal with potential attacks," the report said.

Author Carolina Baylon pointed out that a "culture of denial" exists at the plants. As the plants are not linked to the Web, hackers cannot break through, according to the Financial Times.

"There is a pervading myth that nuclear facilities are 'air gapped' - or completely isolated from the public Internet - and that this protects them from cyber attack," wrote Baylon. "Yet not only can air gaps be breached with nothing more than a flash drive (as in the case of Stuxnet), but the commercial benefits of Internet connectivity mean that nuclear facilities may now have virtual private networks and other connections installed, sometimes undocumented or forgotten by contractors and other legitimate third-party operators."

Many officers seem to use default passwords like "1234" for the systems that regulate their processes.

Even as companies add digital "backdoors" in order to monitor the systems, and many bring personal systems leaving them "plugged into the system overnight", they tend to increase the risks.

Baylong said that an attack could release ionizing radiation. "Moreover, even a small-scale cyber security incident at a nuclear facility would be likely to have a disproportionate effect on public opinion and the future of the civil nuclear industry."

"It would be extremely difficult to cause a meltdown at a plant or compromise one but it would be possible for a state actor to do, certainly," said Baylon. "The point is that risk is probability times consequence. And even though the probability might be low, the consequence of a cyber incident at a nuclear plant is extremely high."