
A new report from world-leading international think tank Chatham House says that the US nuclear industry is mired in a "culture of denial" about the risks of a cyber-attack on the crucially important facilities. Not only are there huge and preventable lapses in security, the report alleges, but there is a general tendency to take the improbable and "recast" it as impossible — precisely the problem that allowed the Fukushima Daiichi disaster to occur, despite it being technologically avoidable. (Read a summary of the report, or the full text.)

The Fukushima Daiichi nuclear disaster spiraled as far out of control as it did for one simple reason: the diesel fuel generators which powered the coolant systems for the reactor were physically destroyed by the tsunami. In combination with the simultaneous earthquake-and-tsunami-driven failure of multiple other safety systems, this led to a cascading failure and the dreaded meltdown scenario — the temperature in the core exceeded the melting temperature of the nuclear sample. This report has been cast as a dire warning that even a moderate-level cyber-attack could achieve similar destruction by inactivating such safety and maintenance routines.

Norse real-time hacking map, showing a coordinated attack from China towards the US

Let's be clear: this report is tremendously worrying, and it reveals a lackadaisical attitude toward cyber-security that pervades more than merely the nuclear industry. The power plant industry in general is run by profit-maximizing barons of capital — it should not be surprising that they cut corners where they can, and get lazy when allowed to. Funding issues may also come into play, as a lack of well-trained employees is cited as causing some of the potential problems.

The report says that while all nuclear facilities are supposed to be "air-gapped," or disconnected from the public internet, some facilities have started to bring in VPN connections. It points out that search engines (like SHODAN) could find such facilities to build a list of possible targets.

The Fukushima cleanup effort.

However, it's necessary to draw some hard limits on just how arm-flappingly upset we need to get about this threat. One oft-referenced sentence in the report says in a rather offhand way that "some of the effects" of the Fukushima meltdown could be achieved by a cyber-attack on peripheral infrastructure like a diesel generator — but then immediately points out that such an outcome would require the simultaneous takedown of multiple other safety systems.

In reality, the cyber-threat to nuclear power plants is much like that to all other power plants: they might stop working. It's virtually (though not totally!) inconceivable that a hacker with any amount of access could come up with a way to eject radioactive material into the environment — but not at all inconceivable that they could send the plant's safety routines into panic mode, shutting down production and crippling a whole area of the country.

The much more reasonable approach to true panic is in their discussion of simultaneous attacks from multiple sources — a cyber-attack timed to coincide with a physical one like an earthquake or the impact of a rocket-propelled grenade. That could be truly horrifying, allowing cyber workarounds for physical security systems, and physical workarounds for cyber security systems.

Cyber security really isn't all that hard.

Many of the worst problems are cultural, rather than technological or procedural, as Chatham House referenced by bringing up the culture of denial. As mentioned, in some cases the problems arose from outright disregarding the government regulations, others from relaxing down into the cracks in legal wordings.

Who might launch such an attack? Activists and trouble-makers like Anonymous are unlikely — they cherish their ability to think of themselves as holding the moral high ground. Any sort of modern power-on-power physical invasion is admittedly always accompanied by cyber-attacks to bring down infrastructure.