Chatham House – Cyber Security at Civil Nuclear Facilities
What is in the standard
This report finds that the trend toward connecting business syetems with nuclear facilities introduces a host of cyber vulnerabilities to nuclear facilities that nuclear plant personnel may not be aware of. This report focuses on cyber attacks that seek to take over nuclear industrial control systems acting either inside or outside of the facilities where these systems are located. The authors of the report believe that many of the findings and guidelines also apply to wider critical infrastructure, to include power grids, transport networks, and maritime shipping. The report emphasizes the necessity of unidirectional communication technology at nuclear facilities; concerning both protecting the network perimeter from the IT network and vendor VPN remote access. The report notes a number of specific recommendations to address the challenges identified in the study. It is recommended that in order to address the challenge of enhancing security – due to insufficient spending on cyber security within the nuclear industry – they encourage the further adoption of secure unidirectional communications technology.
Relationship to Unidirectional Gateways
The report states that it would be fairly straightforward for a hacker to breakthrough a firewall and gain access to the ICS network, however with unidirectional communication technology installed, the network impossible to breach. For protecting the ICS network the results of the study are clear – firewalls aren’t good enough: they are reactive rather than anticipatory, attacks can go undetected, and attacks are detected when they are already inside the network. The report highlights seven known cyber security indidents at nuclear facilities around the world which could have been prevented with Unidirectional Security Gateways.
Nuclear facilities in the UK are becoming increasingly reliant on digitization and commercial software. This recent trend has presented a growing attack surface area for nuclear plants. The UK and Europe are beginning to catch on to the trend toward unidirectional communication technology to protect the national critical infrastructure which could cause the most widespread damage if breached. The case is made strong in this report, unidirectional gateways are the way to go.
“Waterfall announces the launch of Waterfall BlackKBox™.
Restoring trust in network information for cyber-attack response teams and forensics”.