British nuclear power plants are vulnerable to cyber-attacks

British nuclear power plants are old and outdated, and thus vulnerable to cyber-attacks by design, a security company claims.

The Chatham House think thank, dubbed by Express.co.uk as “hugely influential”, claims the risk of a "serious nuclear cyber-attack" is growing and the UK's power plants are woefully unprepared.

The report, named Cyber Security at Civil Nuclear Facilities: Understanding the Risks, was written by Caroline Baylon with Roger Brunt and David Livingstone. It analysed cyber defences in power plants across the UK over a period of 18 months.

The main conclusion is that the growing reliance on commercial software is putting plants under increased cyber-security risk.

The report says that the slightest of incidents could have huge consequences: "Even a small-scale cyber security incident at a nuclear facility would be likely to have a disproportionate effect on public opinion and the future of the civil nuclear industry".

A devastating nuclear attack, which could release radiation into the atmosphere, could be triggered by a simple USB flash drive, it adds.

The current threat level for international terrorism for the UK is assessed to be "Severe", meaning a terrorist attack directed at the United Kingdom is "highly likely". The current level is the highest since 2010.

"Risk can be thought of as probability times consequence, so even though the probability of a major cyber attack on a nuclear plant is low, the consequence could be high. And given that the risk is increasing, we need to begin tackling the challenge today," said lead author Caroline Baylon.

Cyber-attacks against nuclear power plants are nothing new. We’ve seen how the Stuxnet worm wreaked havoc among Iran’s nuclear power plants back in 2010.

"The nuclear industry is beginning - but struggling - to come to grips with this new, insidious threat," Chatham House research director for international security Patricia Lewis said in the report.