UK nuclear power facilities are vulnerable to ‘serious cyber attack’, according to a report published by Chatham House.
In the report titled ‘Cyber Security at Civil Nuclear Facilities – Understanding the Risks,’ the research institute indicated that the out-dated infrastructure control systems used in nuclear facilities are insecure by design.
Additionally, the country’s dependency on digital systems and commercial software increases the risks.
Chatham House has prepared the report following a 18-month long study of cyber defences in worldwide power plants.
The report stated: “There is a pervading myth that nuclear facilities are ‘air gapped’, or completely isolated from the public internet, and that this protects them from cyber attack.
“Yet not only can air gaps be breached with nothing more than a flash drive, but the commercial benefits of internet connectivity mean that nuclear facilities may now have virtual private networks and other connections installed, sometimes undocumented or forgotten by contractors and other legitimate third-party operators.”
While conducting the study, researchers also found evidence of virtual networks and other links to the public internet on nuclear infrastructure networks. While some has been forgotten, many were only known to those in control.
Search engines looking for critical infrastructure had already indexed links that made those easier for hacking into networks and control systems.
Nuclear Industry Association chief executive Keith Parker was quoted by the BBC as saying: “Security, including cyber security, is an absolute priority for power station operators.”
“All of Britain’s power stations are designed with safety in mind and are stress-tested to withstand a vast range of potential incidents.
“Power station operators work closely with national agencies such as the Centre for the Protection of National Infrastructure and other intelligence agencies to always be aware of emerging threats.”
The report recommended: “The cybersecurity threat requires an organisational response by the civil nuclear sector, which includes, by necessity, knowledgeable leadership at the highest levels, and dynamic contributions by management, staff and the wider community of stakeholders, including members of the security and safety communities.”
