Nuclear Facilities At Risk of Cyber Attack
It appears as if Nuclear Facilities At Risk of Cyber Attack. According to a new report by Chatham House (2015), nuclear facilities are a major risk to a cyber attack. Standard factory-set passwords such as “1234” are being used for default vendor logins (Financial Times, 2015)
- At Ignalina nuclear power plant (1992) in Lithuania, a technician intentionally introduced a virus into the industrial control system, which he claimed was “to highlight cyber security vulnerabilities”.
- The David-Besse nuclear power plant (2003) in Ohio was infected by the Slammer worm which disabled a safety monitoring system for almost five hours.
- The Browns Ferry nuclear power plant (2006) in Alabama experienced a malfunction of both the reactor recirculation pumps and the condensate deminerliser controller (a type of PLC).
- The Hatch nuclear power plant (2008) was shutdown as an unintended consequence of a contractor’s software update.
- An Unnamed Russian nuclear power plant (circa 2010) was revealed by Eugene Kaspersky to have been “badly infected by Stuxnet”.
- South Korea’s Korea Hydro and Nuclear Power Co. commercial network (2014) was breached, and information was stolen. The attack was subsequently attributed to North Korea.
Reports like this one are very scary for multiple reasons. Policies and guidelines need to be revised and revamped to fix any issues that could be harmful to national security. A few basics would be to change all default passwords. Ideally the passwords should have a set guidelines and changed regularly as well. Another basic idea would be training. The training should reflect policies and procedures, different types of attacks and anything else that would raise cyber security awareness at these facilities.
Chatham House (2015) released its report in its entirety and it is full of findings and recommendations. Some recommendations include implementing rules, where not already in place, to promote good IT hygiene in nuclear facilities and enforcing rules where they do exist. This should focus primarily (at first) on the use of personal devices. Between the computing power of most smartphones and the camera on these devices should be enough to ban from secure facilities.
If you are interested in all of the findings and recommendations that Chatham House (2015) has released, then you can download the PDF document under recommendations.
Check out our other blog about Nuclear Facility Cyber Security here.
Thanks for stopping by and reading our blog. We would appreciate if you could subscribe (assuming you like what you read; we think you will). This is meant to be informative and to provide value to anyone who reads this – regardless of their knowledge and/or understanding of IT/Cybersecurity. To learn more about us, check out our “About Us” page.
Be sure to subscribe to this blog and to our Podcast.