The NTI’s Nuclear Security Index report for 2018 also says the industry needs to improve the quality and quantity of cyber-nuclear experts.
The report says cyberattacks could lead to the theft of nuclear materials or an act of sabotage, potentially resulting in catastrophic public health and economic consequences.
“Government and facilities’ responses to the risk of cyberattacks too often are inadequate,” the report says. It calls for effective cybersecurity measures – from incorporating cyber threats into threat assessments to mandating that nuclear facility licensees have cyber-incident response plans – must be incorporated into government regulations and facility operations.
But it says the challenge is not just for governments and regulators. Leaders, technical specialists, and operators at nuclear facilities must develop and implement plans that keep pace with the threat.
“Governments should require – and facility operators should implement – information and operational technology systems that are resilient in the face of the cyber threat,” the report says.
The reports warns that the cyber threat continues to evolve, outpacing defences and regulations in many countries. Like any new threat, restructuring or energising teams to build systems and processes that are resilient to cyberattack requires consistent improvement and leadership. “Dedicated efforts are needed to embed cybersecurity best practices into the culture of nuclear facilities,” the report says.
The report is online: https://bit.ly/2CsczRm