Skip to main content

British nuclear power plants are vulnerable to cyber-attacks

British nuclear power plants are old and outdated, and thus vulnerable to cyber-attacks by design, a security company claims.

The Chatham House (opens in new tab) think thank, dubbed by as “hugely influential”, claims the risk of a "serious nuclear cyber-attack" is growing and the UK's power plants are woefully unprepared.

The report, named Cyber Security at Civil Nuclear Facilities: Understanding the Risks, was written by Caroline Baylon with Roger Brunt and David Livingstone. It analysed cyber defences in power plants across the UK over a period of 18 months.

The main conclusion is that the growing reliance on commercial software is putting plants under increased cyber-security risk.

The report says that the slightest of incidents could have huge consequences: "Even a small-scale cyber security incident at a nuclear facility would be likely to have a disproportionate effect on public opinion and the future of the civil nuclear industry".

A devastating nuclear attack, which could release radiation into the atmosphere, could be triggered by a simple USB flash drive, it adds.

The current threat level for international terrorism for the UK is assessed to be "Severe", meaning a terrorist attack directed at the United Kingdom is "highly likely". The current level is the highest since 2010.

"Risk can be thought of as probability times consequence, so even though the probability of a major cyber attack on a nuclear plant is low, the consequence could be high. And given that the risk is increasing, we need to begin tackling the challenge today," said lead author Caroline Baylon.

Cyber-attacks against nuclear power plants are nothing new. We’ve seen how the Stuxnet worm wreaked havoc among Iran’s nuclear power plants back in 2010.

"The nuclear industry is beginning - but struggling - to come to grips with this new, insidious threat," Chatham House research director for international security Patricia Lewis said in the report.

Sead Fadilpašić
Sead Fadilpašić

Sead Fadilpašić is a freelance tech writer and journalist with more than 17 years experience writing technology-focussed news, blogs, whitepapers, reviews, and ebooks. And his work has featured in online media outlets from all over the world, including Al Jazeera Balkans (where he was a Multimedia Journalist), Crypto News, TechRadar Pro, and IT Pro Portal, where he has written news and features for over five years. Sead's experience also includes writing for inbound marketing, where he creates technology-based content for clients from London to Singapore. Sead is a HubSpot-certified content creator.