With the increasing reliance on digital systems and use of commercial “off-the-shelf” software, global civil nuclear facilities are facing growing risk of a serious cyber attack, a report released on Monday by the Chatham House, a London-based think tank, said.
The commercial benefits of internet connectivity mean that a number of nuclear facilities now have VPN (Virtual Private Network) connections installed, and search engines can readily identify critical infrastructure components with such connections, warns the report.
Even where facilities are “air gapped,” or isolated from the public internet, this safeguard can be breached with nothing more than a flash drive, according to the report.
The authors of the report also highlighted that factors such as supply chain vulnerabilities, a lack of personnel training and reactive rather than proactive approaches to cyber security were leading to increasing risks of cyber security, Xinhua news agency reported.
Given the risks, the authors suggested several measures to be taken to beef up cyber security in nuclear facilities.
These measures include an integrated risk assessment, implementing rules to promote good IT hygiene, the establishment of industrial CERTs (Computer Emergency Response Team), and encouraging universal adoption of regulatory standards, among others.