Nuclear power plants ‘highly vulnerable’ to cyber-attacks
The “Cyber Security at Civil Nuclear Facilities: Understanding the Risks” report involved a study of cyber-security at plants across Europe and interviews with 30 senior officials in the nuclear industry and the governments of Japan, France, the UK and the US.
“Cyber security is still new to many in the nuclear industry,” Caroline Baylon, the report’s author, told the Financial Times.
“They are really good at safety and, after 9/11, they’ve got really good at physical security. But they have barely grappled with cyber,” she said, adding the industry suffers from a “culture of denial.”
The security issues stem from the increasing digitization of nuclear facilities by using relatively easily available technology to trim expenditure.
“The cyber security risk is growing as nuclear facilities become increasingly reliant on digital systems and make increasing use of commercial ‘off-the-shelf’ software, which offers considerable cost savings but increases vulnerability to hacking attacks,” the report argues.
“Meanwhile, hacking is becoming ever easier to conduct, and more widespread: automatic cyber-attack packages targeted at known and discovered vulnerabilities are widely available for purchase.”
The report says there is a real risk of a devastating incident like the one which occurred at the Fukushima plant in Japan in 2011, when an earthquake and resulting tsunami hit and badly damaged the facility.
Military nuclear facilities also came under close scrutiny after a nuclear weapons factory in the UK was censured by regulators for failing to show a long-term plan for handling radioactive waste from nuclear arms.
The Atomic Weapons Establishment (AWE) in Aldermaston was given an improvement notice in August by the Office for Nuclear Regulation (ONR).
The ONR, an independent regulator, said the notice gives AWE one year to come up with solutions for how it will handle nuclear waste.