Cyber-attack threat to nuclear facilities underestimated by UK - report

A general view of the British Energy Hunterston 'B' nuclear power station near Largs in west Scotland © David Moir
British authorities underestimate the risk posed by malicious cyber-attacks, spy drones and data breaches to UK nuclear facilities and systems of transit, expert analysis suggests.

A hard-hitting briefing, published by the Nuclear Free Local Authorities (NFLA) on Sunday, outlined key security concerns relating to UK nuclear policy.

Risks flagged in the report include inside attacks on nuclear sites, the loss or theft of sensitive data relating to nuclear plants, cyber-attacks on nuclear facilities, malicious targeting of nuclear material in transit and the use of drones for adversarial means.

The research was carried out by the NFLA and Dr. David Lowry, a senior research fellow with the Institute for Resource and Security Studies in Cambridge, USA. It was dispatched to government officials, local authorities, nuclear regulatory agencies, British emergency services and the broader nuclear sector for review.

On the subject of insider threats, the report warned against blithe assumption-making. It argued vulnerabilities in online and offline systems must be rooted out and fixed before attacks occur. The study also called on the UK government to follow the approach of French and Dutch authorities, which plan to distribute iodine tablets to citizens in the wake of recent terror attacks.

New threats from missile technology and covert drones were also labeled a concern. The report said the introduction of passive and active instruments to enhance defense capabilities could provide an antidote to such dangers. 

Domestic and global regulations put in place to thwart nuclear security risks, it added, are riddled with “gaps and fissures” that require reform. The briefing criticized British policy, in particular, over an inherent contradiction: seeking to bolster and expand nuclear power programs, while trying to strengthen nuclear security by stemming the transport of radioactive materials.

The report's authors called for a review of guidelines relating to transport containers for nuclear materials and urged government, councils and emergency services to hold talks on how an attack on nuclear assets could be dealt with.

Lowry, a former Director of the European Proliferation Information Centre in London, said nuclear insecurity is “the great elephant in the room.”

“Pro-nuclear politicians – national and local – are both ignorant about the details set out in this analysis and thus overlook the consequences,” he said.

“This is a very dangerous state of affairs that require urgent rectification. They should start by reading this timely briefing.”

NFLA Chair Councillor Ernie Galsworthy said the policy briefing highlights important elements of Britain’s nuclear threat landscape.

“This is an excellent, well-researched report by David Lowry and the NFLA Secretariat and certainly indicates real cause for concern, particularly from aerial attacks, cyber threats and the potential hazards relating to the transport of nuclear materials, especially nuclear waste,” he said.

This obviously has an impact on emergency planning measures and highlights to me the need for enhanced local authority involvement with government, the emergency services and the nuclear sector to deal more flexibly with threats to nuclear security.”

The report cited the ‘Stuxnet’ virus, a form of malware that spies on and subverts industrial systems, as an example of the damage cyber-attacks on nuclear infrastructure can wreak.

The elaborate computer worm destroyed 20 percent of the centrifuges deployed in Iran’s nuclear program, and is believed to have been a US-Israeli cyber weapon. Other targets of the covert hacking operation included Iranian air defense and transport infrastructure.

Westminster intends to spend billions replacing its nuclear arsenal, while making nuclear power a cornerstone of UK energy security over the next 40 years. But the NFLA maintains this national nuclear policy could prove hazardous to local communities if it is not reviewed. At present, roughly 50 councils throughout England, Scotland, Wales and Ireland back the group's policy agenda.

A spokeswoman for the UK Office for Nuclear Regulation (ONR) said Britain’s civil nuclear industry is bound by strict regulatory guidelines.

“Duty holders within the UK civil nuclear industry are required by ONR to demonstrate that they have the resilience against a range of external threat scenarios,” she said.

“These scenarios are updated regularly considering developments in technology and other areas.”