Nuclear power stations are under extreme threat, an IT security expert has warned.
Kaspersky CEO, Eugene Kaspersky, revealed that Stuxnet, the most sophisticated computer worm ever designed and programmed to target Iranian nuclear facilities, has also affected a Russian nuclear power plant.
He said that the sophisticated malware infected a Russian nuclear plant around the height of reports on the threat in 2010.
Kaspersky explained that a friend of his, working at the unnamed power plant, had sent him a message that its internal network, which was disconnected from the Internet, had been "badly infected by Stuxnet.
The Stuxnet malware is thought to have originally been developed by the US and Israel in order to disrupt Iran’s nuclear facilities
Kaspersky argued that those responsible for "offensive technologies" have no idea of the unintended consequences of releasing malware into the wild.
"Everything you do is a boomerang," he explained. "It will get back to you."
Commenting on the revelation, Tony Burton, critical infrastructure protection business lead at Thales UK, said: "Technology plays a central role in the generation and distribution of nuclear energy, so ensuring that security capabilities meet modern-day demands is critical. These interconnected systems present an attractive target for those with malicious intentions regarding critical infrastructure.
Burton added: "Stuxnet is believed to have been created to target Iran’s nuclear facilities, highlighting the willingness of state organisations to wage cyber-warfare on key elements of national infrastructure. The chief of GCHQ has warned of an ‘exponential rise’ in cyber-attacks on UK government departments and industry; this is a threat that must be taken seriously.
"Cyber-security, however, should not sit in isolation but rather be tightly integrated with plant processes, people and the physical environment. When managed together, technologies such as encryption, biometric authentication and pattern-of-life detection can all play their part in protecting people, places and sensitive information. All too often, we see physical and digital security treated as separate entities during the design process – indeed, securing the physical premises can often be treated as an afterthought to be taken care of once they’re built."
Thales provides a holistic approach to security as mandated by government for critical national infrastructure, including for the existing fleet of EDF UK nuclear power stations for more than 25 years.