Imagine this horrific scenario: Cyberterrorists have engaged in a spear-phishing attack to gain entry into the systems of a nuclear power station. With the invasion accomplished, the terrifying hackers have injected malware like BlackEnergy into the system. The dangerous cyber terrorists use their cruel talents to cut off electricity to several critical areas of the power station. They also disconnect the key backup generators – putting hazardous radioactive materials at risk.
With no electricity controlling the coolant systems, a crisis begins to take place sending the power station into a disastrous and catastrophic meltdown – not dissimilar to the one caused by the 2011 tsunami in Fukushima -where there is still a controversial ongoing recovery happening.
At first glance, you might consider this possibility a little bit far fetched. Some knowledge about the recent blackout in Ukraine, however, where cyber criminals did hack the grid using BlackEnergy malware – makes you start to have the nightmare realization – that perhaps the fatal storyline could someday come true.
Now, the third edition of a ‘threat index’ released by Nuclear Threat Initiative (NTI) (which was developed cooperatively with the Economist Intelligence Unit), has got a lot of people quaking in their boots. The disturbing report exposes the inadequate security levels of nuclear facilities in 20 countries – some which were awarded the minimum possible rating of zero – for cyber attack preparedness. Worryingly, the report also reveals that a number of those places have been expanding their use of nuclear energy in recent years.
‘Given the potential consequences, all states must work aggressively to ensure that their nuclear facilities are protected from cyber attacks. Governments should include the cyber threat within the national threat assessment for their nuclear facilities, and they should put in place a clear set of laws, regulations, standards, and licensing requirements for all nuclear facilities that require protection of digital systems from cyber attacks.
‘At the facility level, leadership must prioritize cybersecurity, determine potential consequences, and implement a program that ensures that digital assets and networks are characterized and secured and that the security is routinely tested.’
In the report, which is considered the primary tool for assessing nuclear safety worldwide, NTI also explains how a nefarious entity could use a cyber attack to steal weapons-grade nuclear material from a facility,
‘For example, access control systems could be compromised, thus allowing the entry of unauthorized persons seeking to obtain nuclear material or to damage the facility. Accounting systems could be manipulated so that the theft of material goes unnoticed.’
Staggeringly, despite a rise in the global threat of terrorism, and statistical evidence of increased global cyber attacks – year on year – the NTI index reveals that the nuclear sector has actually slowed its efforts to improve security since the release of the second report, back in 2014.
For example, although 12 out of 24 countries that are considered at risk on the ‘theft ranking’ have actively been seeking to reduce the amount of weapons-usable nuclear materials they have stockpiled – six countries on that list have actually increased the amount of deadly nuclear materials they have shamelessly lying around.
Of countries that are managing their stocks better, Australia came out on top of the ‘theft ranking’ list of countries – for the third time – with Switzerland and Canada ranking second and third. Finland came out as best in the newly added ‘sabotage ranking’ with Australia, Canada, and the UK in 2nd, 3rd, and 4th.
Talking about the recently published index, NTI Co-Chairman, and former U.S. Senator Sam Nunn said the following,
‘The purpose of the NTI Index is not to award gold medals or scold those who do not score well. Our purpose is to show how all countries can improve the security of dangerous nuclear materials.
Significant progress deserving of two cheers and applause has been made, but the world has miles to go before we sleep.’
Despite the encouraging undertones from the co-chairman, however, it remains true that since the last list was published in 2014, no real improvements have been made in a number of important areas that are considered vital to nailing down the safety of highly enriched uranium and plutonium. These include on-site physical protection, insider threat prevention, control and accounting, physical security during transport, and response capabilities.
With half of the countries on the list found to have not even a single security measure in place to stop cyber attacks from happening, it seems pretty clear that not enough is being done to ensure that nations do not wantonly expose their apocalyptic nuclear reserves to the risk of cybercrime. Troublesome considering that we are living in a time when cybercrime is quickly becoming the most dangerous potential risk to humanity – ever. Commenting on the fourth Nuclear Security Summit that is due to happen from March 31-April 1, NTI President Joan Rohlfin said,
‘The current global nuclear security system has dangerous gaps that prevent it from being truly comprehensive and effective. Until those gaps are closed, terrorists will seek to exploit them. Leaders must commit to a path forward when they meet this spring. The consequences of inaction in the face of new and evolving threats are simply too great.’