We all know various connected infrastructure defences are vulnerable; these include recent attacks on high-profile websites and also communication arms of governments and well-known individuals. Technically anything can be hacked and therefore robust implementations need to be focused on securing data within organizations. Nuclear facilities are one such example and a new report warns of an increasing threat of a cyber attack that focuses on these plants.
The report by the influential Chatham House think tank studied cyber defences in power plants from around the world over an 18-month period; its conclusions are that “The civil nuclear infrastructure in most nations is not well prepared to defend against such attacks”. It pinpoints “insecure designs” within the control systems as one of the reasons for a possible future breach, the cause of this is most likely the age of the facilities and the need for modernization.
The report also disproves the myth surrounding the belief that nuclear facilities are immune from attacks due to being disconnected from the Internet. It said that there is an “air gap” between the public internet and nuclear systems that was easy to breach with “nothing more than a flash drive” Great, in theory that little USB drive could cause a nuclear holocaust. The report noted the infection of Iran’s facilities was down to the Stuxnet virus that used the above route.
The researchers for the report had also found evidence of virtual networks and other “links to the public internet on nuclear infrastructure networks. Some of these were forgotten or simply unknown to those in charge of these organisations”.
It was found by the report that search engines that sought out critical infrastructure had “indexed these links” and thus made it easy for attackers to find ways into networks and control systems.
This report has cheered me right up, it is noted that nuclear facilities are stress tested to withstand a variety of long-standing scenarios, though there does need to be a better understanding from staff in charge of the infrastructure in order to limit any potential damage a breach could inflict. The industry needs to adapt, gone are the days of one or two experts who could hack into a system, from state-sponsored cyber attacks to a teenager in their bedroom, the knowledge base is growing day by day and many companies are paying the price for poor security.
Let’s hope it’s not a nuclear power plant,
Thank you bbc for providing us with this information.
Image courtesy of zeenews