[SystemSafety] Cybersecurity at Nuclear Power Plants

Peter Bernard Ladkin ladkin at rvs.uni-bielefeld.de
Mon Feb 29 09:15:53 CET 2016


I came across this Chatham House report by (lead author) Caroline Baylon and others, on
cybersecurity in nuclear power plants.

A good newspaper summary is at

http://www.ft.com/cms/s/0/b5f0df54-6aa1-11e5-aca9-d87542bf8673.html#axzz41XbXa4RA

(If you try going there directly, FT might ask you to "sign in" to read it. If so, Google "Caroline
Baylon nuclear risk" and the link will turn up. Following it skips the sign-in.)

The report and executive summary is at

https://www.chathamhouse.org/publication/cyber-security-civil-nuclear-facilities-understanding-risks

Apparently the authors looked at some 50 incidents worldwide, with only a few having been publicly
noted.

Apparently the operating engineers and cybersecurity people don't talk to each other much in
language that the other understands. This happens quite frequently in all sorts of industries, it seems.

Operators apparently often believe their facilities are "air gapped": no connections to the
Internet. But it seems they don't check, for often any "gap" is bridged. Someone installed a VPN to
allow himher to work from home. Someone brings in hisher laptop, hooks it up to plant systems while
at work, uses it for whatever while elsewhere, at home off-duty if an operator, or at the other
workplace if a contractor. People don't reset default factory passwords on installed third-party
kit. Monitoring systems are retrofitted, with networked reporting.

This sounds like the same old stuff. We could imagine it should be caught by a decent cybersecurity
audit. There probably are such audits. But apparently they are not bringing up the things which have
resulted in incidents. Or maybe they are now?

PBL

Prof. Peter Bernard Ladkin, Faculty of Technology, University of Bielefeld, 33594 Bielefeld, Germany
Je suis Charlie
Tel+msg +49 (0)521 880 7319  www.rvs.uni-bielefeld.de





-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 455 bytes
Desc: OpenPGP digital signature
URL: <https://lists.techfak.uni-bielefeld.de/mailman/private/systemsafety/attachments/20160229/d109803c/attachment.pgp>


More information about the systemsafety mailing list