A large number of countries aren't prepared to deal with cyberattacks on their nuclear energy system

Jan 15, 2016 03:27 GMT  ·  By

By coincidence, two studies were released yesterday and they both put more light on the sorry state of cyber-security protocols used in nuclear power plants that fail to protect these crucial infrastructure points against cyberattacks.

The first study is an audit of Security Operations Center (SOC) for the US Nuclear Regulatory Commission (NRC), carried out by the Office of the Inspector General (OIG).

This audit revealed that, between 2013 and 2014, the NRC recorded an 18% increase in security incidents, way above the average of 9.7% recorded for other government institutions. These incidents include unauthorized access to computer systems, detection of malicious code, policy violations, social engineering attempts, lost devices, scans, probes, and other access attempts.

NRC staff recognized their situation and admitted to auditors that they need better monitoring tools, but also asked for more timely and in-depth reports from the SOC.

The audit revealed that, despite shortcomings, SOC does meet the necessary quality control criteria to continue operating, but some changes also need to be made.

20 countries have power plants vulnerable to cyberattacks

Worldwide, the situation is grim, and a study by the Nuclear Threat Initiative (NTI) revealed that 20 countries with extensive nuclear energy systems are vulnerable to cyberattacks.

There are 47 countries on the index, with 24 states that have weapon-usable nuclear materials at hand, and 23 states that have nuclear facilities but don't produce weapons-usable nuclear materials.

Out of all these, only 13 got a perfect score in terms of cyber-security, and those are Australia, Belarus, Bulgaria, Canada, Finland, France, Hungary, the Netherlands, Russia, Switzerland, Taiwan, the United Kingdom, and the United States.

At the bottom of the index, 20 countries managed to score 0, both in terms of cyber-theft and cyber-sabotage.

This list of countries includes Algeria, Argentina, Armenia, Bangladesh, Belgium, Brazil, Chile, China, Egypt, Indonesia, Iran, Italy, Kazakhstan, Mexico, Morocco, North Korea, Peru, Slovakia, Spain, and Uzbekistan.

Some of the states recognized the danger of cyberattacks, and in the past two years, eight countries updated laws and regulations to cater to this new threat category.

Just like nuclear power plants, companies in the oil and gas sector also recorded a rise in cyberattacks.

UPDATE: We have updated the story to better reflect the audit's results, changing the term of cyberattack to security incident.

Cyber-security NTI index scores
Cyber-security NTI index scores

Photo Gallery (2 Images)

Power plants vulnerable to cyberattacks, study finds
Cyber-security NTI index scores
Open gallery