Nuclear power plants warned on cyber security

October 5, 2015
Technicians are pictured as they work on the simulator control panel during an exercise on nuclear security at the Civaux Nuclea
Technicians are pictured as they work on the simulator control panel during an exercise on nuclear security at the Civaux Nuclear Power plant, 34 kms southeast of Poitiers, western France, on September 22, 2015

Operators of nuclear power plants worldwide are "struggling" to adapt to the increasing and potentially dangerous threat of cyber attacks, a report warned Monday.

The "is beginning -– but struggling -– to come to grips with this new, insidious threat," the Chatham House think-tank in London said in a study based on 18 months of investigation.

Its findings suggest that "lack preparedness for a large-scale cyber security emergency, and there would be considerable problems in trying to coordinate an adequate response."

It highlighted insufficient funding and training, a "paucity" of regulatory standards, increasing use of digital systems and greater use of cheaper but riskier commercial "off-the-shelf" software.

In addition there is a "pervading myth" that are protected because they are "air gapped"—in other words not connected to the Internet.

In fact, many nuclear facilities have gradually developed some form of Internet connectivity, and computer systems can be infected with a USB drive or other removable media devices.

This was the case with Stuxnet, a virus reportedly developed by the United States and Israel—and implanted with a flash drive—which caused Iran's major problems in 2010.

Chatham House added that Stuxnet, which it said is also believed to have infected a Russian nuclear plant, has had the unintended effect of teaching cyber criminals how to improve their techniques.

"Once Stuxnet's existence became publicly known, hackers around the world took inspiration from the way it functioned and incorporated some of its features into malware to suit their own purposes," it said.

Explore further: Chevron says hit by Stuxnet virus in 2010

Related Stories

Chevron says hit by Stuxnet virus in 2010

November 9, 2012

Oil giant Chevron was struck by the Stuxnet virus, a sophisticated cyber attack that tore through Iran's nuclear facilities and is believed to have been launched by the United States and Israel.

Iran poses growing cyber threat to US

April 16, 2015

Iran poses a growing threat to America's computer networks and has launched increasingly sophisticated digital attacks and spying on US targets, according to a new report released Thursday.

Iran says Duqu malware under 'control'

November 13, 2011

Iran said on Sunday it had found a way to "control" the computer malware Duqu, which is similar to Stuxnet virus which in 2010 attacked its nuclear programme and infected more than 30,000 computers.

Second computer worm 'hits Iran'

April 25, 2011

Iran has been hit with new malicious software as part of cyber attacks against the country, a military officer told Mehr news agency on Monday without specifying the target.

Recommended for you

Engineers use replica to pinpoint California dam repairs

June 26, 2017

Inside a cavernous northern Utah warehouse, hydraulic engineers send water rushing down a replica of a dam built out of wood, concrete and steel—trying to pinpoint what repairs will work best at the tallest dam in the U.S ...

Google to stop scanning Gmail for ad targeting

June 23, 2017

Google said Friday it would stop scanning the contents of Gmail users' inboxes for ad targeting, moving to end a practice that has fueled privacy concerns since the free email service was launched.


Please sign in to add a comment. Registration is free, and takes less than a minute. Read more

Click here to reset your password.
Sign in to get notified via email when new comments are made.