The News That Matters about the Nuclear Industry Fukushima Chernobyl Mayak Three Mile Island Atomic Testing Radiation Isotope

Organisational intertia: Civilian Nuclear Facilities Just Begging to Be Hacked

text-cat-questionI wonder if the South Australia Nuclear Fuel Chain Commission’s fudgy old pro nuke fossils are awake up to this one?

New Report: Civilian Nuclear Facilities Are Just Begging to Be Hacked,Motherboard,  by MICHAEL BYRNE 11 October 2015 Worldwide civilian nuclear infrastructure
is woefully underprepared for the likelihood of a cyberattack, according to a new report from researchers at Chatham cyber-attackHouse, a London-based think-tank. As facilities become more reliant on digital systems and off-the-shelf software, and as top-level awareness of cybersecurity threats stagnates, a serious event seems foretold.

“Recent high-profile cyber attacks, including the deployment of the sophisticated 2010 Stuxnet worm, have raised new concerns about the cyber security vulnerabilities of nuclear facilities,” begins an executive summary of the report. “As cyber criminals, states, and terrorist groups increase their online activities, the fear of a serious cyber attack is ever present.”

“This is of particular concern because of the risk—even if remote—of a release of ionizing radiation as a result of such an attack,” the summary continues. “Moreover, even a small-scale cyber security incident at a nuclear facility would be likely to have a disproportionate effect on public opinion and the future of the civil nuclear industry.”…….

You’re probably not going to get a bomb near a reactor core, but malicious code is another story.

The second part of the problem has to do with off-the-shelf software, according to the report. It’s much cheaper to buy pre-built systems, but this opens up new possibilities for hacker infiltration.

“Hacking is becoming ever easier to conduct, and more widespread: automatic cyber attack packages targeted at known and discovered vulnerabilities are widely available for purchase,” the Chatham researchers write. “Advanced techniques used by Stuxnet are now known and being copied; and search engines can readily identify critical infrastructure components that are connected to the internet.”

The paper highlights several barriers faced in fixing the whole mess. One is a lack of incident reporting—operators at different facilities are not always aware of attacks on other facilities. This is further enabled by a general lack of regulatory requirements regarding cybersecurity. Developing countries may have even fewer requirements on top of being at increased risk due to a lack of resources. Staff at nuclear facilities are, moreover, often ill-prepared for cyber threats due to lack of training, poor communication between nuclear engineers and security personnel, and an executive-level disinterest in or obliviousness to non-physical dangers.

The technical challenges outlined include:…..

Organizational inertia is a hell of a thing though. If history is any guide, it will take more than recommendations to see real change. It will take an actual disaster.

October 14, 2015 - Posted by | general

No comments yet.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.

%d bloggers like this: