COVID-19 Update: Due to the current situation, here are some helpful resources | Learn More

Nuclear Energy Insider: Social engineering seen as rising cyber threat to nuclear industry

The use of social engineering to mount attacks on business data and information networks is emerging as a major risk to cyber security at nuclear power plants, experts told Nuclear Energy Insider.

Nuclear plant operators have agreed to improve cyber security across all facilities by collaborating with national organisations and other industries to share best practices and information on prevented and detected incidents.

At a global nuclear security summit held in Washington in March, operators agreed to “move beyond traditional security solutions and develop more effective technological approaches to cyber security,” according to a group statement, published by U.S. Nuclear Energy Institute (NEI). Operators would work with vendors to “minimize vulnerabilities in the technology supply chain,” the statement said.

U.K. think tank Chatham House said in October that executive management and on-the-ground nuclear personnel may not realize plant vulnerability to cyber threats and are inadequately prepared to deal with cyber attacks.

Conventional industry thinking that all nuclear facilities are ‘air-gapped’ (isolated from the public internet) is misinformed, Chatham House said in a report. The think tank conducted 18 months of research including 30 interviews with nuclear industry staff in U.S., Canada, U.K., France, Germany, Japan, Ukraine and Russia.

In one recent incident, German operator RWE said April 27 that computer viruses had infected PCs and USB files used at its Gundremmingen plant nuclear power plant. RWE said the infection posed no threat to plant operations because its control systems were not linked to the internet and German federal cyber investigators would investigate the incident, according to media reports.

Growing issue

The growth of digital communications to improve collaboration and productivity in the workplace has seen a rising number of unauthorized incursions linked to employees, according to the U.K. Government’s 2015 Information Security Breaches Survey, conducted by PWC.

Some 90% of large businesses, which included respondents from the energy sector, reported at least one attack last year and 75% reported a staff-related incident, up from 58% in 2014, the survey said.

Last year 15% of large U.K. organisations had a security or data breach involving smartphones or tablets, up from 7% in 2014. Some 13% of large organisations identified a data or security breach relating to social network sites, compared with 12% in 2014.

 

Read the rest on Nuclear Energy Insider

« Back to the news archive