By Martin Banks
People have worried about the safety of nuclear energy since it first came around in the mid-twentieth century. Nuclear energy has a lot of potential for powering our world, but it has just as much potential for destruction. As a result, the facilities that deal with this kind of power have to pay extra attention to their security.
The nuclear industry is no stranger to high security, but today’s threat landscape is changing. It’s not just physical hazards and attacks that organizations and governments have to worry about anymore. Cyberattacks are the fastest-growing crime in America, and the nuclear industry may be unprepared to handle them.
The Nuclear Threat Initiative (NTI) recently released its biennial Nuclear Security Index, and the results are troubling. Since cybercrime has started to become a more prominent threat, the Index has taken cybersecurity measures into account. According to this year’s report, the world’s nuclear facilities have some work to do.
Cyberthreats to the Nuclear Industry
The digitization of the industry makes preventing physical threats a more complicated process. As helpful as IoT security measures can be, they also present the danger of hackers. When criminals can hack their way past things like cameras and locks, it’s more challenging to stop them.
Cybercrime’s most significant danger is that criminals don’t have to step foot in a facility to infiltrate it. Hackers could steal sensitive data about material transports, allowing them to get their hands on dangerous resources. Cyberterrorists could overload a reactor’s system, causing a catastrophic meltdown.
The threats that cybercrime poses to nuclear facilities run from monetary theft at best to radioactive fallout at worst. If a facility suffered a cybersecurity breach, it could put countless people in danger. If the world hopes to avoid another Chernobyl, nuclear facilities need to adopt thorough cybersecurity practices.
Nuclear Cybersecurity Needs Improvement
According to the NTI’s report, nuclear security as a whole saw significant improvements between 2012 and 2018. The NTI started looking at cybersecurity in 2016, so that means even previous cyber efforts seemed good. Unfortunately, between 2018 and 2020, the nuclear industry’s cybersecurity efforts fell short.
As cyber threats have evolved, the industry’s security should have evolved alongside them. The 2020 Nuclear Security Index says that while regulations are adapting, many countries haven’t adopted them. Cybersecurity remains one of the three most significant areas of weakness, and these threats are growing.
Only 24% of indexed countries scored high for cybersecurity, and just 4% got a perfect score. Perhaps more troubling, another 24% of nations didn’t get any points for their nuclear cybersecurity. The Index also introduced a security culture score this year, and 65% of countries scored low or got a zero there.
How the Industry Can Improve
The NTI’s report also contains suggestions for how nations can improve their nuclear security. Their first recommendation for low cybersecurity is to avoid becoming complacent about cyberthreats. Nuclear facilities have to take a proactive approach to cybersecurity, updating and upgrading it as threats evolve.
The NTI also recommends that nations establish regulations about cybersecurity in nuclear facilities. While having these rules in place is critical, it’s not the only part of the equation. After setting up these regulations, authorities need to enforce them, as many countries with guidelines in place don’t necessarily adhere to them.
Another point that the NTI has made repeatedly through the years is to reduce complexity. In an earlier cybersecurity release, they explained how being digitally sophisticated can be a threat in risky areas like nuclear power. The more complicated the system, the more staff may not know how to secure it properly.
How Current U.S. Cybersecurity Requirements Measure Up
According to the NTI’s rankings, the U.S. achieved ninth place in securing materials and seventh in protecting facilities. Those results indicate that the country’s relatively safe when it comes to nuclear facilities, but there’s still some work to do. For both categories, the NTI recommends that the U.S. pay more attention to its cybersecurity.
The U.S. has specific regulations for access security in high-risk sites like these facilities, and cybersecurity is no different. Atomic power plants have to meet requirements from the U.S. Nuclear Regulatory Commission (USNRC). While the NTI praises this step, it notes how the nation needs to mandate regular cybersecurity assessments.
For all their regulations, the U.S. doesn’t require frequent testing of cybersecurity systems. Given the evolving nature of cybercrime and the sensitivity of nuclear facilities, that’s quite the risk. The NTI also recommends that the U.S. mandate regular assessments of sites’ security cultures.
About the NTI
The NTI came about in 2001, founded by former senator Sam Nunn and CNN founder Ted Turner. Working with experts and governments around the world, the NTI works to assess global nuclear threats and establish a framework to address these dangers. While cybersecurity isn’t their only point of focus, it’s become a more prominent one as cyber threats have grown.
Security, business, science and international diplomacy experts make up the NTI’s board of trustees. They also feature a panel of world leaders from governments and academic institutions to assess these issues accurately. The Nuclear Security Index, their primary publication, has come out since 2012.
The Index covers three different areas: countries with nuclear materials, those with nuclear facilities and those that could be safe havens for illegal nuclear activity. Those categories include 22, 47 and 154 nations, respectively, with some overlap. Some countries provide data directly to the NTI, while publicly accessible data fills in the gaps.
Cybersecurity Is Essential in a Digital World
Fear of nuclear fallout may not be as high as it once was, but it’s still a relevant concern. With the rise of cybercrime, these fears may grow again, especially as some nations struggle to meet security standards. In any industry, cybersecurity is now essential, and atomic materials are no different.
Without strong cybersecurity standards, any kind of facility could be at risk of an attack. With assets as risky as nuclear materials, these standards are even more crucial. If the world wants to avoid a catastrophic nuclear event, these facilities will need better cybersecurity.
About the Author
Martin Banks is the founder and Editor-in-Chief of Modded. You can find his writing all over the internet. He covers tech, gear, cars, and more.