SafeUM
Home Blog Services Download Help About Recharge

Axarhöfði 14, 110 Reykjavik, Iceland

Iceland - 2015
SafeUM
Blog
Services
Download
Help
About
Recharge
Menu
Archive
TOP Security!
8 Oct 2015

Global nuclear facilities at risk of cyber attack

Nuclear power plants around the world are harbouring a “culture of denial” about the risks of cyber hacking, with many failing to protect themselves against digital attacks, a review of the industry has warned.

A focus on safety and high physical security means that many nuclear facilities are blind to the risks of cyber attacks, according to the report by think-tank Chatham House, citing 50 incidents globally of which only a handful have been made public.

The findings are drawn from 18 months of research and 30 interviews with senior nuclear officials at plants and in government in Canada, France, Germany, Japan, the UK, Ukraine and the US. “Cyber security is still new to many in the nuclear industry,” said Caroline Baylon, the report’s author. “They are really good at safety and, after 9/11, they’ve got really good at physical security. But they have barely grappled with cyber.” The report cites officials who describe the industry as being “far behind” other industrial sectors when it comes to insulating themselves against digital attacks.

Ms Baylon said there was a “culture of denial” at many nuclear plants, with a standard response from engineers and officials being that because their systems were not connected to the internet, it would be very hard to compromise them. “Many people said it was simply not possible to cause a major incident like a release of ionising radiation with a cyber attack . . . but that’s not necessarily true.”

Ms Baylon described how systems and back-ups powering reactor cooling systems could be compromised, for example, to trigger an incident similar to that seen at Fukushima Daichi in Japan in 2011, the worst nuclear failure since Chernobyl. Dozens of nuclear power stations have control systems accessible through the internet even though many plant operators believe a persistent “myth” that their facilities are “air gapped” with physically separated computer networks, the report says.

It points to a 2003 incident at the Davis-Besse plant in Ohio, when an engineer accessed the plant from his home laptop through an encrypted VPN connection. His home computer had become infected with the nuisance self-replicating “slammer” worm. The trojan infected the nuclear plant’s computer system, causing a key safety control system to be overwhelmed with traffic from the worm and trip out.

A more serious 2006 incident occurred at Browns Ferry in Alabama when a key safety system was similarly overwhelmed with network traffic and nearly led to a meltdown. The report points to a 2008 incident at the Hatch plant in Georgia to illustrate how vulnerable plants could be to deliberate digital disruption: though not an attack, when a contractor issued a routine patch to a business network system, it triggered a shutdown.

Most facilities still do not take cyber security seriously enough in spite of such instances, Ms Baylon said. Officials interviewed for the report, for example, described default vendor logins — the standard factory-set passwords such as “1234” — as being “everywhere” when it comes to the computer systems that regulate nuclear processes. Companies that own plants are also increasing the number of digital “backdoors” into facilities by putting in more monitoring systems to gather data and try to become more efficient businesses.

Engineers and contractors at facilities around the globe also routinely bring their own computers into nuclear plants to perform their jobs, officials told Chatham House. One described the control room at his nuclear plant as routinely having external laptops plugged in to its systems — sometimes left there overnight.

“It would be extremely difficult to cause a meltdown at a plant or compromise one but it would be possible for a state actor to do, certainly,” said Ms Baylon “The point is that risk is probability times consequence. And even though the probability might be low, the consequence of a cyber incident at a nuclear plant is extremely high.”

Tags:
hackers
Source:
Financial Times
1638
Other NEWS
3 Jul 2020 safeum news imgage An encrypted messaging service has been infiltrated by police
4 May 2020 safeum news imgage Two-Factor Authentication ​What Is It and Why You Should Use It
12 Dec 2019 safeum news imgage Encryption is under threat - this is how it affects you
4 Nov 2019 safeum news imgage Should Big Decisions Be Based on Data or Your Intuition?
7 Jun 2018 safeum news imgage VPNFilter malware infecting 500,000 devices is worse than we thought
4 Jun 2018 safeum news imgage Hackers target Booking.com in criminal bid to steal hundreds of thousands from customers
1 Jun 2018 safeum news imgage Operator of World's Top Internet Hub Sues German Spy Agency
30 May 2018 safeum news imgage US says North Korea behind malware attacks
29 May 2018 safeum news imgage Facebook and Google targeted as first GDPR complaints filed
25 May 2018 safeum news imgage A new reason to not buy these cheap Android devices
24 May 2018 safeum news imgage Flaws in smart pet devices, apps could come back to bite owners
23 May 2018 safeum news imgage Google sued for 'clandestine tracking' of 4.4m UK iPhone users' browsing data
21 May 2018 safeum news imgage LocationSmart reportedly leaked phone location data onto the web
18 May 2018 safeum news imgage The SEC created its own scammy ICO to teach investors a lesson
17 May 2018 safeum news imgage Thieves suck millions out of Mexican banks in transfer heist
All news
SafeUM
Confidential Terms of Use Our technologies Company
Follow us
Download
SafeUM © Safe Universal Messenger

Axarhöfði 14,
110 Reykjavik, Iceland

Iceland - 2015