view counter

Nuclear terrorism“Nightmare scenario”: Nuclear power plants vulnerable to hacking by terrorists

Published 16 December 2016

Security experts fear Fukushima-like disaster as terrorists use new technology to attempt attacks. The frequency and scope of cyberattacks on nuclear plants have increased dramatically, and experts say that a successful hack is now all but inevitable. They say that nuclear plant operators should focus more on preparing to contain and limit the damage when it does occur.

Security experts fear Fukushima-like  disaster as terrorists use new technology to attempt attacks. Jan Eliasson, the deputy secretary-general of the United Nations, told the Security Council that a nightmare scenario – that is, radioactive material being released from nuclear power stations subject to cyberattacks by terrorists – is not far-fetched.

Eliasson said that “vicious non-state groups” were making efforts to acquire weapons of mass destruction (WMDs), and warned: “These weapons are increasingly accessible.”

A hacking attack on a nuclear power plant would be a “nightmare scenario,” he added.

NewsOK reports that terrorist groups such as ISIS and al-Qaeda have train to obtain WMDs, and ISIS operatives in Belgium had been following a scientist who worked at a nuclear power station, hoping to use him to gain access to the plant.

Eliasson noted that technological advances such as 3D printing, the growing use of drones, and the increasing sophistication of cyberattacks have made it easier for terrorists to acquire deadly weapons.

“Preventing a WMD attack by a non-state actor will be a long-term challenge that requires long-term responses,” Eliasson said.   

The UN convened the meeting to examine ways to prevent terrorists from getting hold of nuclear, chemical, and biological weapons.

Dr. Patricia Lewis, Research Director of the International Security Department at Chatham House, told theIndependent a cyber-attack on a nuclear power station was “a real risk.” 

“There’s an idea that the systems are protected…and that is a myth. Every system has vulnerabilities. We are seriously straying into what sounds like science fiction but isn’t. We are there now,” she said.

She added: “This isn’t just imagined – this is already going on.”

Nuclear plants have already been subject to attacks. In 2009 an attack on an Iranian facility had disrupted its nuclear enrichment program. Plants in South Korea and Germany have also come under  cyberattacks. 

These attacks were small, but bigger ones could have been disastrous.

Lewis warned the worst case cyber-attack could potentially cause “a Fukushima-style scenario.”

She said: “It is probably beyond the capabilities of a non-state armed group but it may be very possible for a state to do that. Energy companies really need to understand the threat better [because] they don’t yet. There are things going on that we don’t fully understand.”

Experts worry that attacks aiming to disrupt nuclear power stations, could also be launched against nuclear weapons facilities.

Lewis said: “When it comes to nuclear weapons the consequences are far higher. Even if the probabilities are lower, the risk is huge.”

Attacks on nuclear power stations will not only release deadly radiation, but would also shut down the grid, wreaking economic havoc and risking public disorder, Lewis added. 

Cyberattacks on nuclear power plants may have different goals. Some may aim to obtain data about the way the plant works or information on personnel at the facility; others may be ransom attacks, threatening the plant operator with damage unless money is paid.

Hacks may also see information about the layout and structure of nuclear reactors in preparation for a physical attack.

The frequency and scope of cyberattacks on nuclear plants have increased dramatically, and experts say that a successful hack is now all but inevitable. They say that nuclear plant operators should focus more on preparing to contain and limit the damage when it does occur. 

Lewis said: “We need a different type of approach to cyber-security – one that doesn’t imagine that you can completely defend against attacks. 

“What we’re trying to do is introduce a culture where you…expect the attacks and build in resilience so that when they come it doesn’t really have much effect.”