Page 36 - Cyber Defense eMagazine for September 2020
P. 36

Cybercrime's most significant danger is that criminals don't have to step foot in a facility to infiltrate it.
            Hackers  could  steal  sensitive  data  about  material  transports,  allowing  them  to  get  their  hands  on
            dangerous  resources.  Cyberterrorists  could  overload  a  reactor's  system,  causing  a  catastrophic
            meltdown.


            The threats that cybercrime poses to nuclear facilities run from monetary theft at best to radioactive fallout
            at worst. If a facility suffered a cybersecurity breach, it could put countless people in danger. If the world
            hopes to avoid another Chernobyl, nuclear facilities need to adopt thorough cybersecurity practices.



            Nuclear Cybersecurity Needs Improvement

            According to the NTI's report, nuclear security as a whole saw significant improvements between 2012
            and 2018. The NTI started looking at cybersecurity in 2016, so that means even previous cyber efforts
            seemed good. Unfortunately, between 2018 and 2020, the nuclear industry's cybersecurity efforts fell
            short.

            As cyberthreats have evolved, the industry's security should have evolved alongside them. The 2020
            Nuclear Security Index says that while regulations are adapting, many countries haven't adopted them.
            Cybersecurity  remains  one  of  the  three  most  significant  areas  of  weakness,  and  these  threats  are
            growing.


            Only 24% of indexed countries scored high for cybersecurity, and just 4% got a perfect score. Perhaps
            more troubling, another 24% of nations didn't get any points for their nuclear cybersecurity. The Index
            also introduced a security culture score this year, and 65% of countries scored low or got a zero there.



            How the Industry Can Improve

            The NTI's report also contains suggestions for how nations can improve their nuclear security. Their first
            recommendation for  low  cybersecurity  is  to  avoid  becoming complacent  about  cyberthreats.  Nuclear
            facilities have to take a proactive approach to cybersecurity, updating and upgrading it as threats evolve.

            The NTI also recommends that nations establish regulations about cybersecurity in nuclear facilities.
            While having these rules in place is critical, it's not the only part of the equation. After setting up these
            regulations, authorities need to enforce them, as many countries with guidelines in place don't necessarily
            adhere to them.


            Another point that the NTI has made repeatedly through the years is to reduce complexity. In an earlier
            cybersecurity release, they explained how being digitally sophisticated can be a threat in risky areas like
            nuclear power. The more complicated the system, the more staff may not know how to secure it properly.



            How Current U.S. Cybersecurity Requirements Measure Up







            Cyber Defense eMagazine – September 2020 Edition                                                                                                                                                                                                         36
            Copyright © 2020, Cyber Defense Magazine.  All rights reserved worldwide.
   31   32   33   34   35   36   37   38   39   40   41