HackDig : Dig high-quality web security articles for hackers

UK’s Nuclear Industry at Risk of Major Cyber-Attack

2015-10-05 15:20

The UK’s nuclear facilities are at risk of a major cyber-attack, thanks to a lack of awareness among senior executives and an increasing trend towards digitization, according to a new report.

Chatham House spoke to 30 “leading industry practitioners” to compile its report, Cyber Security at Civil Nuclear Facilities: Understanding the Risks.

It pointed to serious deficiencies in the supply chain, meaning equipment at nuclear plants could be compromised at any stage.

Also highlighted were an overly reactive approach to cybersecurity, a lack of staff training, and communication breakdowns between engineers and security personnel.

Facilities aren’t ‘air gapped’ as many believe but connected to the internet, with all the risks this entails, the report continued.

And hackers can easily find critical infrastructure components via a web search.

The report recommended the development of risk assessment guidelines, and the adoption of regulatory standards.

It also suggested that nuclear facilities implement rules promoting good IT hygiene, and that engineers and contractors are educated about cybersecurity risk.

Tony Berning, senior manager at development tools maker OPSWAT, argued that portable media is often used to spread malware across air-gapped systems.

“While imperative to the protection of critical infrastructure, securing portable media devices is not easily done, and there are many requirements that can impact the portable media security policies for operators of critical infrastructure,” he added.

“In many cases, there is no single source for an organization’s portable media security policy, and individual facilities may require unique security policies.”

Berning warned that many of the SCADA and ICS systems which run nuclear plants were built decades ago when cybersecurity wasn’t a major issue.

“To add cybersecurity defenses to these systems is a major task, coupled with the fact that, due to their critical nature, downtime for system upgrades is virtually impossible,” he added.

Berning urged the UK’s nuclear operators to air gap systems or else protect them with firewalls and intrusion prevention systems, and to conduct regular penetration testing.


Source: /fo-ksir-ta-yrtsudni-raelcun-sku/swen/moc.enizagam-ytirucesofni.www

Read:4284 | Comments:0 | Tags:No Tag

“UK’s Nuclear Industry at Risk of Major Cyber-Attack”0 Comments

Submit A Comment

Name:

Email:

Blog :

Verification Code:

Tools