Nuclear Facilities At Risk of Cyber Attack

It appears that nuclear facilities are at risk of cyber attack. According to a new report by Chatham House (2015), nuclear facilities are at major risk of a cyber attack. Standard factory-set passwords such as “1234” are being used for default vendor logins (Financial Times, 2015).

The Register (2015) referenced a few cyber security incidents at nuclear facilities from 1992 to 2014, drawn from the PDF report by Chatham House (2015). Some of the findings were:

  • At Ignalina nuclear power plant (1992) in Lithuania, a technician intentionally introduced a virus into the industrial control system, which he claimed was “to highlight cyber security vulnerabilities”.
  • The Davis-Besse nuclear power plant (2003) in Ohio was infected by the Slammer worm, which disabled a safety monitoring system for almost five hours.
  • The Browns Ferry nuclear power plant (2006) in Alabama experienced a malfunction of both the reactor recirculation pumps and the condensate demineraliser controller (a type of PLC).
  • The Hatch nuclear power plant (2008) was shut down as an unintended consequence of a contractor’s software update.
  • An unnamed Russian nuclear power plant (circa 2010) was revealed by Eugene Kaspersky to have been “badly infected by Stuxnet”.
  • South Korea’s Korea Hydro and Nuclear Power Co. commercial network (2014) was breached, and information was stolen. The attack was subsequently attributed to North Korea.

Our Analysis

Reports like this one are very scary for multiple reasons. Policies and guidelines need to be revised and revamped to fix any issues that could be harmful to national security. A basic first step would be to change all default passwords. Ideally, passwords should follow a set of guidelines and be changed regularly as well. Another basic step would be training. The training should cover policies and procedures, different types of attacks and anything else that would raise cyber security awareness at these facilities.

Chatham House (2015) released its report in its entirety, and it is full of findings and recommendations. Some recommendations include implementing rules, where not already in place, to promote good IT hygiene in nuclear facilities and enforcing rules where they do exist. This should focus primarily (at first) on the use of personal devices. The computing power of most smartphones, together with the cameras on these devices, should be enough to ban them from secure facilities.

If you are interested in all of the findings and recommendations that Chatham House (2015) has released, then you can download the PDF document under recommendations.

Check out our other blog about Nuclear Facility Cyber Security here.

Thanks for stopping by and reading our blog. We would appreciate it if you could subscribe (assuming you like what you read; we think you will). This is meant to be informative and to provide value to anyone who reads this, regardless of their knowledge and/or understanding of IT/Cybersecurity. To learn more about us, check out our “About Us” page.

Be sure to subscribe to this blog and to our Podcast.


Chatham House
Financial Times
The Register
Our blog about the US Department of Energy’s Cyber Attacks

About Scott Entsminger

Scott Entsminger was born and raised in Virginia. He graduated from Radford University with a Bachelor of Science in Criminal Justice. Scott has worked for the Department of Defense since graduating college. He is an expert in Windows Administration, with specific experience in Group Policy and vulnerability remediation. He also has specific experience in Information Assurance (IA) and Cyber Security. Scott holds the CompTIA Security+ certification. He is always looking to diversify his skillset. Scott is an avid sports fan, particularly baseball. He is also an avid gamer and enjoys learning different skills involving his PC.