The programme’s work examines cyber security incentives and regulations in the civil nuclear industry. Part of the work involves incorporating the nuclear insurance sector into a discussion on cyber security.
The exploitation of cyber vulnerabilities in critical infrastructure is becoming an increasingly pervasive security threat. At the global level, dependence on cyberspace is increasing and creates new and unexpected vulnerabilities. This dependence extends to nuclear energy production plants, which rely on computer networks for most internal processes. Many plants are connected to external networks, and there are a variety of ways in which a malicious actor could exploit these dependencies to create a security incident.
Since the stark illustration of the impact of a natural disaster at the Fukushima nuclear plant in 2011, there is renewed concern that attacks on civil nuclear installations—including cyber attacks—may prove attractive to terrorist organizations and to states. In addition, alleged US and Israeli involvement in the Stuxnet attacks on Iranian nuclear infrastructure may lead to reprisal attacks and an escalation of hostilities. Attacks could be carried out by individuals or organizations in places where the rule of law is poorly enforced, which impedes efforts at deterrence.
The situation is further complicated by conflicting public and private sector perspectives on how to mitigate threats. This issue is rapidly garnering increased international attention, with concerns about nuclear vulnerabilities to cyber attacks highlighted at the March 2012 Nuclear Security Summit in Seoul.
This project is supported by the MacArthur Foundation.