Source type: Chatham House Report
Normalized type: Report
Cyber Security at Civil Nuclear Facilities: Understanding the Risks
David Livingstone MBE DSC; Caroline Baylon; Roger Brunt
Publication date: 2015-10-05
Publication year: 2015
Language: English
Overview: The risk of a serious cyber attack on civil nuclear infrastructure is growing, as facilities become ever more reliant on digital systems and make increasing use of commercial ‘off-the-shelf’ software, according to a new Chatham House report.
Abstract

The report finds that the trend to digitization, when combined with a lack of executive-level awareness of the risks involved, means that nuclear plant personnel may not realize the full extent of their cyber vulnerability and are thus inadequately prepared to deal with potential attacks.

Specific findings include:

  • The conventional belief that all nuclear facilities are ‘air gapped’ (isolated from the public internet) is a myth. The commercial benefits of internet connectivity mean that a number of nuclear facilities now have VPN connections installed, which facility operators are sometimes unaware of.
  • Search engines can readily identify critical infrastructure components with such connections.
  • Even where facilities are air gapped, this safeguard can be breached with nothing more than a flash drive.
  • Supply chain vulnerabilities mean that equipment used at a nuclear facility risks compromise at any stage.
  • A lack of training, combined with communication breakdowns between engineers and security personnel, means that nuclear plant personnel often lack an understanding of key cyber security procedures.
  • Reactive rather than proactive approaches to cyber security contribute to the possibility that a nuclear facility might not know of a cyber attack until it is already substantially under way.

In the light of these risks, the report outlines a blend of policy and technical measures that will be required to counter the threats and meet the challenges.

Recommendations include:

  • Developing guidelines to measure cyber security risk in the nuclear industry, including an integrated risk assessment that takes both security and safety measures into account.
  • Engaging in robust dialogue with engineers and contractors to raise awareness of the cyber security risk, including the dangers of setting up unauthorized internet connections.
  • Implementing rules, where not already in place, to promote good IT hygiene in nuclear facilities (for example to forbid the use of personal devices) and enforcing rules where they do exist.
  • Improving disclosure by encouraging anonymous information sharing and the establishment of industrial CERTs (Computer Emergency Response Team).
  • Encouraging universal adoption of regulatory standards.
Subjects: Cyber Security; International Security; Nuclear Energy; Nuclear safety
URL: https://www.chathamhouse.org/publication/towards-new-global-business-model-antibiotics-delinking-revenues-sales
Source think tank: Chatham House (United Kingdom)
Resource type: Think tank publication
Item identifier: http://119.78.100.153/handle/2XGU8XDN/49524
Recommended citation
GB/T 7714
David Livingstone MBE DSC,Caroline Baylon,Roger Brunt. Cyber Security at Civil Nuclear Facilities: Understanding the Risks. 2015.
Files in this item
There are no files associated with this item.

Unless otherwise stated, all content in this system is protected by copyright, with all rights reserved.