A report released by Chatham House suggests alarming findings posed by Cyber Security Risk through supply chain and through the commercial use of digital technologies in civil nuclear power plants.
The conventional belief that all nuclear facilities are ‘air gapped’
(isolated from the public internet) is a myth. The commercial benefits
of internet connectivity mean that a number of nuclear facilities now have VPN connections installed, which facility operators are sometimes unaware of.
Search engines can readily identify critical infrastructure components with such connections.
Even where facilities are air gapped, this safeguard can be breached with nothing more than a flash drive.
Supply chain vulnerabilities mean that equipment used at a nuclear facility risks compromise at any stage.
"The protection of data and the secure functioning of the critical
infrastructure – such as energy, food and water resources, transport and
communications – depend on digital technologies functioning safely and
securely. Individuals’ privacy in regard to, for example, medical
records and insurance data is still being breached to detrimental effect
This report, while considering such situations, focuses on a far more
dangerous category of cyber attack – when a facility’s industrial
control systems are disrupted or even captured and harnessed by
saboteurs acting either inside or outside the facilities where these
systems are located."
- See more at: https://www.chathamhouse.org/publication/cyber-security-civil-nuclear-facilities-understanding-risks