UK and US planning simulated cyber attacks on nuclear plants

Britain and the US are collaborating to stage a simulation of a cyber attack on a nuclear power plant to test the resilience of the two countries’ infrastructure against a terrorist strike.

According to The Guardian, government sources have said the exercise was not triggered by any credible intelligence of an attack threat, but more of “prudent planning” for the two countries. The simulation is similar to that carried out on various banks last year.

British Prime Minister David Cameron, ahead of a nuclear summit in Washington, is also set to announce a deal to ship 700kg of nuclear waste to the US from Dounreay, in Scotland. In exchange, the US will send supplies of a different type of uranium to European nuclear agency Euratom to be turned into medical isotopes, that can then be used in diagnosing and treating cancer across Europe.

Since the first summit in Washington in 2010, 14 countries attending have agreed to reduce their stockpiles of uranium and strengthened the role of watchdog the International Atomic Energy Agency. Many others have also pledged to step up security and tackle nuclear smuggling.

Cameron will also commit to spending £10 billion this year to fund agencies, including the IAEA, on improving the security of civil nuclear infrastructure worldwide and the UK will offer to share its expertise on tackling cyber-crime with other countries, wherein countries such as Japan, Korea, Turkey, and Argentina have agreed to participate.

Industry reaction

Bryan Campbell, Senior Security Researcher at Fujitsu:

“Recent high profile ‘incidents’ on critical national infrastructure such as the one against the US Dam, and the Ukraine power facility have highlighted the need to perform operational activities at a heightened level. Testing the capabilities of a nation against possible attackers is welcomed by those who understand the risk involved by nation state attacks.

“Historic attacks such as Stuxnet and Duqu have demonstrated the potential damage that can be caused to ICS, or Control & Data acquisition systems. A grasp of would be hacker targets is more a concern in relation to ‘ why’ the UK would be a target to ‘nation state’ hackers. The ongoing unrest in Europe and the rising attacks from militant groups should raise concerns sufficiently of the potential of attacks which could target national infrastructure as we observed last week in Brussels at the Nuclear research facility.

"Historic attacks are believed to have been successful in traditional terms, such as ’offline attacks’ but have yet to have any high operational success in terms of targeting CPNI at a ‘cyber’ level. The regular exercises in this area will strengthen the national posture on resilience in the face of an emerging and persistent threat.”

Richard Brown, Director EMEA Channels & Alliances at Arbor Networks::

“We all understand the devastating impact incidents at nuclear facilities can cause, for example, the Fukushima Daiichi disaster in 2011. With the energy industry also a critical part of the UK economy, it’s a choice target for anyone looking to do the country harm. Because of these two factors, it is imperative the government works closely with the energy sector to improve infrastructure resilience and mitigate against cyber terrorists seeking to develop the capabilities to launch an online attack against nuclear plants.

“A proactive approach to security is the best form of defence, with people and analytics tools being used to actively search for threats, instead of waiting for an event to take place.

"Any test that focuses organisations on their incident handling processes and communications is a good thing, as the more these are used and tested the better our people and processes – and thus our defensive capabilities - become.”

Photo Credit: Jirsak/Shutterstock