Cybersecurity at Nuclear Power Plants

From: Peter Bernard Ladkin
Date: Mon, 29 Feb 2016 09:15:53 +0100

I came across this Chatham House report by (lead author) Caroline Baylon and others, on cybersecurity in nuclear power plants.

A good newspaper summary is at

(If you try going there directly, FT might ask you to "sign in" to read it. If so, Google "Caroline Baylon nuclear risk" and the link will turn up. Following it skips the sign-in.)

The report and executive summary are at

Apparently the authors looked at some 50 incidents worldwide, with only a few having been publicly noted.

Apparently the operating engineers and cybersecurity people don't talk to each other much in language that the other understands. This happens quite frequently in all sorts of industries, it seems.

Operators apparently often believe their facilities are "air gapped": no connections to the Internet. But it seems they don't check, for often any "gap" is bridged. Someone installed a VPN to allow him/her to work from home. Someone brings in his/her laptop, hooks it up to plant systems while at work, uses it for whatever while elsewhere, at home off-duty if an operator, or at the other workplace if a contractor. People don't reset default factory passwords on installed third-party kit. Monitoring systems are retrofitted, with networked reporting.

This sounds like the same old stuff. We could imagine it should be caught by a decent cybersecurity audit. There probably are such audits. But apparently they are not bringing up the things which have resulted in incidents. Or maybe they are now?

PBL

Prof. Peter Bernard Ladkin, Faculty of Technology, University of Bielefeld, 33594 Bielefeld, Germany
Je suis Charlie
Tel+msg +49 (0)521 880 7319

The System Safety Mailing List
systemsafety_at_xxxxxx Received on Mon Feb 29 2016 - 09:16:00 CET
