VIENNA — Governments, industry, and international organizations should work together to boost the cyber defense capabilities at nuclear facilities worldwide, according to a report from the nongovernmental Nuclear Threat Initiative (NTI), released at a Wednesday side event during the International Atomic Energy Agency’s International Conference on Nuclear Security.
NTI’s Outpacing Cyber Threats report says traditional cyber defense methods at nuclear facilities, including the use of firewalls and antivirus technology, are not adequate to address current threats that stem from an increased digitalization at nuclear power plants and other nuclear facilities.
The report notes several recent instances in which cybersecurity was compromised at nuclear facilities. “In 2016, a German nuclear power plant was found to be infected with malware, and officials discovered a spear-phishing campaign that had been exfiltrating data from a Japanese research center for months,” NTI said. The year before, the Ukrainian power grid faced a cyber attack that took out power in parts of the country for several hours, and a Japanese facility that handles nuclear materials discovered malware in its systems.
The report outlines four priorities determined by a group of experts to address cyber vulnerabilities. These are: institutionalizing cybersecurity, by which governments and regulators could develop and implement regulatory frameworks informed by physical nuclear safety and security practices; mounting active defenses, in which nuclear facilities could update their prevention and response plans; reducing complexity, or minimizing complexity in critical systems, including by transitioning to nondigital systems; and pursuing transformation, or government funding of transformative research into new technologies for these new threats.
Nuclear industry should play a role as well, NTI’s report says, by recruiting cybersecurity expertise, developing active defense capabilities at the facility level, removing excess functionalities in complex systems, and supporting the cybersecurity efforts of organizations such as the IAEA. International organizations, in the meantime, could expand their focus on global cooperation on nuclear facility cyber issues, facilitate threat information sharing, and provide a forum for discussions on relevant topics, the report says.
The Y-12 National Security Complex in Tennessee said this week it received a 2016 Star of Excellence workplace safety award from the National Voluntary Protection Programs Participants’ Association (VPPPA).
The award, which recognizes facilities with a recordable injury rate 75 percent stronger than U.S. businesses in the same industry, was presented in September at the VPPPA Safety and Health Conference in Kissimmee, Fla., according to a Y-12 press release.
Contractor Consolidated Nuclear Security manages the nuclear-weapon facility for the Department of Energy’s semiautonomous National Nuclear Security Administration. It was recognized for its operations in 2015.
“The award provided by the Department of Energy recognizes a contractor for excellence in safety and health systems going above and beyond requirements and demonstrating effective management commitment and employee involvement while applying the Integrated Safety Management System, Brad Davy, who heads DOE’s Office of Worker Safety and Health Assistance, said in the release.
“The Star criteria is a threshold, but it doesn’t mean that we’re satisifed with that — that we’re finished,” said Chris Cantwell, CNS senior director of environment, safety, and health. “We will strive to improve far beyond the minimum.”
