The amount of harm inflicted on a country and its local infrastructure can be vast and expensive to handle when nuclear systems are damaged or misused as seen in the Fukushima and Chernobyl disasters. Though this is a situation where the outcome is at least somewhat predictable, if a civil nuclear system were to be hacked, the repercussions would be immeasurably worse.
As of right now, our nuclear power plants remain incredibly vulnerable to a breach. The most common threat currently comes from employees whom work at these plants and exchange information between the servers at the plant and their personal computers. Basically, what this allows for is any viruses or malware to be transferred to the power plant’s mainframe that could cause the plant’s functions to behave abnormally. It could also allow hackers to control some of its functions if the right malware (allowing a remote take over) was installed onto the machine connecting to the plant (1). The most recent new malware introduced, ‘Ransomware’ poses the largest and most disastrous threat to systems such as these, as the virus is designed to infiltrate the computer, activate some of the functions, and encrypt the files until some payment in bitcoin is met which is the only hope for receiving a decryption of the files. The worst-case scenario is that the ransom could end up being paid, but hackers don’t return control of the system, which would require a full and complete shut down of the plant.
It is an important note to make that executives at these power plants are not considering cyber breach a worthwhile threat to their plants right now. This is in part due to lack of knowledge when it comes to the concept of cybersecurity. These plant managers basically cite that an “air gap” exists, which essentially means that there is no connection between the servers at the nuclear facilities and the internet. This belief would lead to there bing no chance of any malware even gaining access to any of the nuclear systems. However as previously stated, all it would take is for someone with or without malicious intentions is to insert an infected flash drive into the system. As cloud technology also grows to take new forms, different ways in such as VPN (virtual private networks) will also be able to gain hackers access (2).
(1) Paganini, +p. (2015) Civil nuclear facilities worldwide at risk of cyber attack. Available at: http://securityaffairs.co/wordpress/40773/cyber-crime/civil-nuclear-facilities-security.html (Accessed: 21 June 2016).
(2) Storm, D. (2015) Anonymous insiders reveal real hacking risks to nuclear power plants, report. Available at: http://www.computerworld.com/article/2989247/cybercrime-hacking/anonymous-insiders-reveal-real-hacking-risks-to-nuclear-power-plants-report.html (Accessed: 21 June 2016).
Image: © Christopher Elwell | Dreamstime.com - <a href="https://www.dreamstime.com/royalty-free-stock-photo-powerstation-cooling-towers-image3844655#res14972580">Powerstation cooling towers</a>