On Saturday, Russia sent the world’s first floating nuclear power plant out to sea. Its ultimate destination is a town in northernmost Russia in the Arctic Circle, which will take years and quite a few miles to reach. While this news sparked concern among environmentalists, cybersecurity experts were already concerned with power plants on terra firma.
At least part of the problem stems from the fact that a typical power plant has thousands of digital components and support systems. “That makes the supply chain, with its often far-flung production sites, a logical target for well-resourced hackers looking for a foothold into a facility,” reports Motherboard.
In addition, as analog elements age and are not able to be updated, they are replaced with digital components. This raises the stakes to make sure bugs and other issues are not introduced into the infrastructure.
“As many nuclear power plants were built decades ago, the industry has long employed analog equipment, gear that has no digital component and is therefore immune to hacking as we know it today. While such equipment will continue to feature in plants for safety and cyber and physical security reasons, more and more gear has digital features whose cybersecurity operators must guarantee,” writes Motherboard.
As recent as March, the US Department of Homeland Security warned that hackers backed by the Russian government were already waging a campaign to zero in on third-party suppliers with vulnerable networks.
Securing the many moving parts of a nuclear power plant will require not just ensuring the discrete components are free of malware and vulnerabilities, but also that third-party partnerships and vendors comply with security standards that match that of the power plant and its associated regulations.
According to Motherboard, “Despite rigorous equipment tests performed by nuclear facilities, the elusive nature of software bugs means some inevitably do slip through the cracks. The extent to which the nuclear industry can work with outside researchers who identify vulnerabilities that plant officials miss will be key to supply-chain cybersecurity.”
Get the full story at Motherboard.