A report has revealed that nuclear power stations around the world are at risk from cyber attacks because their senior management are not aware of the issues and equipment and systems are antiquated.
The research, by Chatham House, involved talking to 30 experts based in the US, UK, Canada, France, Germany, Japan, Ukraine and Russia about the security measures in place to protect against cyber attacks over an 18-month period.
It revealed that many of the issues stem from the power plants being connected to the public internet via virtual networks, leaving them open to attack by criminals. What makes the situation worse is that the links to these parts of critical infrastructure have been indexed by search engines, making it easy for attackers to access systems.
These problems haven't been recognised and acted upon because either it had either been forgotten they were in operation or executives weren't aware of the possible holes.
The reason such establishments don't have stringent security measures in place is because they often use old systems that haven't been updated to deal with new threats.
"One example of the 'insecure by design' nature of industrial control systems is the lack of authentication and verification," the report said. "This obedience leaves nuclear facilities' control systems "particularly vulnerable to man-in-the-middle attacks that alter the communication between two devices".
However, the Nuclear Industry Association said cyber security is of paramount importance to power station operations.
"All of Britain's power stations are designed with safety in mind and are stress-tested to withstand a vast range of potential incidents," Keith Parker, chief executive of the Nuclear Industry Association, said. "Power station operators work closely with national agencies such as the Centre for the Protection of National Infrastructure and other intelligence agencies to always be aware of emerging threats."
