View all newsletters
Receive our newsletter - data, insights and analysis delivered to you

Hacking nuclear power plants: Could mistakes lead to meltdowns?

It would appear that phishing, the simplest form of cyber attack, is behind the breaching of facilities posing the greatest risk to human life.

By Tom Ball

Unidentified hackers have been attempting to breach nuclear power plants in the United States according to a joint report from Homeland Security and the FBI.

Information regarding the severity of the attacks and the motives behind them were not detailed specifically.

However, the analysis of the attack in the report shows a pattern of targeting employees who work in positions with access to critical systems that could result in human life being endangered, and massive environmental risk.

While the report also shows that manufacturing plants and energy companies are continually targeted, the potential risk of hackers gaining entry to a nuclear facility is highly concerning.

According to The New York Times who first shared the details of the report, one facility was noted, the Wolf Creek Nuclear Operating Corporation. The facility is responsible for the operation of a nuclear power plant situated in Kansas.

Given the storm of debate regarding Russian hacking interests in the U.S., it will be impossible for many to ignore potential connections following the revelation of attacks on nuclear power plants, especially with tension running high between the two global super powers.

Hacking nuclear power plants: Could mistakes lead to meltdowns?The thought of malicious cyber attackers who could be acting on a nation state level is terrifying, especially given the global havoc that can be achieved by simplistic cyber attacks such as ransomware or phishing.  

Content from our partners
How businesses can safeguard themselves on the cyber frontline
How hackers’ tactics are evolving in an increasingly complex landscape
Green for go: Transforming trade in the UK

Fraser Kyne, EMEA CTO at Bromium said: “Whether this creates a disaster such as a hazardous spillage or power outages for millions, or something less dramatic like a heap of business disruption for the plants that have been attacked, its clear security has to change. Once again, it is the end user that has been targeted with infected email attachments. This is a common theme in recent breaches. If you are a busy engineer, who is recruiting at the moment and get sent a CV why wouldn’t you open it? Regardless of whether you work in a nuclear facility or in an office you can’t question every action you take on a PC. Yet that’s what the current status quo in security expect.

READ MORE: SCADA cyber attacks: Eugene Kaspersky warns of global blackout

We have heard a great deal about the potentially catastrophic risks posed by human fallibility in the world of cyber security. The concerning truth is that human beings are also in charge of nuclear power plants, capable of making the same mistakes as anyone else.

“We know that users are the weakest point in a company’s defence against cyber-attacks, and yet we still see successful breaches on a weekly basis. This highlights the need for a new way of thinking about cybersecurity on the whole as current defences are not up to the task. We can’t continue to expect users to be the last line of defence. By isolating tasks with virtualisation-based security you can effectively nip such attacks in the bud and take the onus and responsibility for security away from the user,” said Kyne.

Websites in our network
Select and enter your corporate email address Tech Monitor's research, insight and analysis examines the frontiers of digital transformation to help tech leaders navigate the future. Our Changelog newsletter delivers our best work to your inbox every week.
  • CIO
  • CTO
  • CISO
  • CSO
  • CFO
  • CDO
  • CEO
  • Architect Founder
  • MD
  • Director
  • Manager
  • Other
Visit our privacy policy for more information about our services, how New Statesman Media Group may use, process and share your personal data, including information on your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.
THANK YOU