1 / 17

HITTING THE ‘SNOOZE’ BUTTON ON NUCLEAR SECURITY: The Cyber Threat to Nuclear Facilities

A cyber attack on a nuclear facility could have devastating consequences. This article discusses the cyber threat to nuclear facilities, using the Stuxnet case as a case study. It highlights the lack of regulations requiring cybersecurity at nuclear facilities and the need for progress in this area. The article concludes with suggestions on how to move forward and improve response capabilities.

btyler
Download Presentation

HITTING THE ‘SNOOZE’ BUTTON ON NUCLEAR SECURITY: The Cyber Threat to Nuclear Facilities

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. HITTING THE ‘SNOOZE’ BUTTON ON NUCLEAR SECURITY:The Cyber Threat to Nuclear Facilities Alexandra Van Dine Program Associate, Scientific and Technical Affairs Nuclear Threat Initiative vandine@nti.org (202)454-7758

  2. A cyber attack on a nuclear facility could have devastating consequences

  3. Cyber attacks on critical infrastructure are not unprecedented…

  4. Stuxnet: A Case Study • Precision cyber weapon targeted on Natanz, an Iranian uranium enrichment facility • Air-gapped, secret until 2002 • Impacted Siemens programmable logic controllers specifically • Physically affected and damaged spinning centrifuges

  5. But I don’t have an illegal nuclear weapons program— why should I care?

  6. It’s not just Iran… Takeaway: 20 of 47 countries with weapons-usable nuclear materials or significant nuclear facilities have zero regulations requiring cybersecurity at nuclear facilities

  7. TARGET INTENT WEAPON Bottom Line: in the future, a less secure, higher-consequence facility could be attacked by an adversary intending to cause harm with a far less discriminate weapon.

  8. Cyber threat exacerbated by several factors TECHNICAL VULNERABILITIES INSUFFICIENT RESPONSE CAPABILITY LACK OF HUMAN CAPACITY CURRENT STATE OF AFFAIRS

  9. What is preventing progress? Complexity of Digital/Physical Systems Compliance Mindset Uneven Distribution of Limited Human Capacity Bureaucratic Inertia Cost Bridging Technical/Policy Language Gap

  10. How can we move forward? Improve response capabilities at home and abroad Build global human capacity in this area Rethink existing principles and best practices Consider disruptive technological solutions

  11. Thank You!

  12. Backup Slides

  13. Has Stuxnet motivated any reforms in facility security? • Some recent movement on regulations • Not necessarily a product of Stuxnet • Implementation not yet adequate • Relevant areas not always covered (e.g. nuclear materials accounting) • Facility security measures have not kept pace with the threat • Laptops, flash drives • Digital systems • Inadeqate security measures (e.g., firewalls, airgaps, antivirus) • Outdated safety analyses

  14. A variety of nuclear systems are vulnerable to cyber attacks with physical consequences • Physical Protection • Theft • Sabotage • Power Generation • Sabotage • Radiation release • Fuel Processing • Theft • Sabotage • Materials Accountancy • Theft • Diversion

  15. NTI Index Cyber Indicators

  16. Nuclear reactors planned, proposed, under construction

  17. NTI Engagement • National laboratories • Regulators (U.S. & Int’l) • Operators • IAEA • Academia • Silicon Valley

More Related