A large number of countries aren’t prepared to deal with cyberattacks on their nuclear energy system.
By coincidence, two studies were released yesterday that put more light on the sorry state of cyber-security protocols used in nuclear power plants that fail to protect these crucial infrastructure points against cyberattacks.
The first study is an audit of Security Operations Center (SOC) for the US Nuclear Regulatory Commission (NRC), carried out by the Office of the Inspector General (OIG).
This audit revealed that between 2013 and 2014, cyberattacks against US power plants grew with 18%, way above the average of 9.7% recorded for other government institutions.
NRC staff recognized their situation and admitted to auditors that they need better monitoring tools, but also asked for more timely and in-depth reports from the SOC.
The audit revealed that despite shortcomings, SOC does meet the necessary quality control criteria to continue operating, but some changes also need to be made.
20 countries have power plants vulnerable to cyberattacks
Worldwide the situation is grim, and a study by the Nuclear Threat Initiative (NTI) revealed that 20 countries with extensive nuclear energy systems are vulnerable to cyberattacks.
There are 47 countries on the index, with 24 states that have weapon-usable nuclear materials at hand, and 23 states that have nuclear facilities, but don’t produce weapons-usable nuclear materials.
Out of all these, only 13 got a perfect score in terms of cyber-security, and those are Australia, Belarus, Bulgaria, Canada, Finland, France, Hungary, the Netherlands, Russia, Switzerland, Taiwan, the United Kingdom, and the United States.
At the bottom of the index, 20 countries managed to scored 0, both in terms of cyber-theft and cyber-sabotage.
This list of countries includes Algeria, Argentina, Armenia, Bangladesh, Belgium, Brazil, Chile, China, Egypt, Indonesia, Iran, Italy, Kazakhstan, Mexico, Morocco, North Korea, Peru, Slovakia, Spain, and Uzbekistan.
Some of the states recognized the danger of cyberattacks, and in the past two years, eight countries updated laws and regulations to cater to this new threat category.
Just like nuclear power plants, companies in the oil and gas sector also recorded a rise in cyberattacks.