A report into the security of the world's nuclear facilities put together by analysts at Chatham House suggests the hacktivists and state-sponsored disrupters of the world might soon turn on our generating infrastructure, suggesting that the "off-the-shelf" nature of nuclear control systems makes them particularly vulnerable.
The worrying report says: "The conventional belief that all nuclear facilities are ‘air gapped’ (isolated from the public internet) is a myth. The commercial benefits of internet connectivity mean that a number of nuclear facilities now have VPN connections installed, which facility operators are sometimes unaware of," warning that search engines can ID infrastructure connections and flash drives obviously get around any external firewalls.
In short, they're hackable. The report authors also say they're vulnerable to the same technical stupidity failings as any other workplace, warning that: "A lack of training, combined with communication breakdowns between engineers and security personnel, means that nuclear plant personnel often lack an understanding of key cyber security procedures."
This all comes together to have the group warn that a "serious cyber attack" conducted on a state's nuclear generation system is a distinct possibility, and one that could instantly ruin the reputation of nuclear for a generation. Those looking forward to Hinkley Point C getting built had better hope that any possible nuclear hacks happen after the deal is signed. [Chatham House]