Hacking Risks to Nuclear Power Plants
October 6th, 2015haha. Somehow, I thought the control systems for nuclear power plants were air-gapped.
This article says that’s a, “Pervading myth.”
Via: Computer World:
The risk of serious cyber-attacks on nuclear power plants is growing, according to a new report by think-tank Chatham House. If you follow this type of news, then this is probably not a big shocker, but did you know there have been around 50 cyberattacks on nuclear plants?
One unnamed expert quoted in the Chatham report (pdf) claimed, “What people keep saying is ‘wait until something big happens, then we’ll take it seriously’. But the problem is that we have already had a lot of very big things happen. There have probably been about 50 actual control systems cyber incidents in the nuclear industry so far, but only two or three have been made public.” The report claimed that there is limited incident disclosure and a “need to know” mindset that further limits collaboration and information-sharing.
“In a worst-case scenario, cyberattacks could lead to a release of ionizing radiation with potentially disastrous impacts on local populations.” In fact, “something as simple as employees installing a personal device onto a nuclear facility’s internal network could open it up to attacks,” Caroline Baylon, a cybersecurity researcher at Chatham House, told Newsweek. She explained, “Let’s say the people in the plant want to install a router so they can check their emails. That might all of a sudden open up a vulnerability.”
It is also a “pervading myth” that nuclear power plants are air-gapped – not connected to the Internet – and can’t be hacked. Yet executives controlling the purse strings at some plants are in denial; a source said they consider a cyberattack just “a movie scenario, maybe in the future. They think it is just states against states, not everybody wants to hack us, and also it won’t happen here.”
