Cyber-Attack on Nuclear Facilities Could Cause Radiation Leaks

Fukushima
Workers wearing radiation protective gear rest on a road at TEPCO's tsunami-crippled Fukushima Daiichi nuclear power plant in Fukushima prefecture, November 12, 2014. Shizuo Kambayashi/Pool/Reuters

Nuclear power plants across the globe are at increasing risk of cyber-attacks, which could ultimately lead to radiation leaks, according to a new report by the U.K.-based international affairs think tank, Chatham House.

In a worst-case scenario, the report says, cyber-attacks could result in a release of ionizing radiation with potentially disastrous impacts on local populations. Caroline Baylon, the report's lead author, says such a breach could lead to similar consequences as those seen after the 2011 Fukushima disaster in Japan, which caused three nuclear meltdowns and forced the evacuation of more than 160,000 residents. "The threat [of such a large-scale] attack isn't immediate," says Baylon, "but if we let the situation continue, what's it going to be like in three or four years?"

The report, which looked at nuclear facilities around the world over an 18-month period, also found that the so-called "air gap" between public Internet and internal systems at nuclear facilities can be breached with "nothing more than a [USB] flash drive." This was exemplified by the Stuxnet worm in 2010, which caused centrifuges to fail at Iran's main nuclear facility. So something as simple as employees installing a personal device onto a nuclear facility's internal network could open it up to attacks. "That," Baylon says, "might all of a sudden open up a vulnerability."

The authors of the report highlighted a number of areas where improvements are needed to protect the industry from the "ever-present" threat posed by state-sponsored and independent hackers. A comprehensive set of guidelines measuring cyber-security risk should be developed and nuclear facilities must be encouraged to admit attacks anonymously, say the report's authors, who believe disclosure of such attacks is limited due to concern about reputation damage.