This project aims to assess the risks and vulnerabilities of the international civil nuclear sector in regards to cyber security and to identify potential policies and international measures to enhance cyber security in the wider nuclear security field.

Background

The exploitation of cyber vulnerabilities in critical infrastructure is becoming an increasingly pervasive security threat. At the global level, dependence on cyberspace is increasing and creates new and unexpected vulnerabilities. This dependence extends to nuclear energy production plants, which rely on computer networks for most internal processes. Many plants are connected to external networks, and there are a variety of ways in which a malicious actor could exploit these dependencies to create a security incident. 

Since the stark illustration of the impact of a natural disaster at the Fukushima nuclear plant in 2011, there is renewed concern that attacks on civil nuclear installations—including cyber attacks—may prove attractive to terrorist organizations and to states. In addition, alleged US and Israeli involvement in the Stuxnet attacks on Iranian nuclear infrastructure may lead to reprisal attacks and an escalation of hostilities. Attacks could be carried out by individuals or organizations in places where the rule of law is poorly enforced, which impedes efforts at deterrence. The situation is further complicated by conflicting public and private sector perspectives on how to mitigate threats.  This issue is rapidly garnering increased international attention, with concerns about nuclear vulnerabilities to cyber attacks highlighted at the March 2012 Nuclear Security Summit in Seoul. 

Project Overview

The project goals are to:

1. assess the risks and vulnerabilities of the international civil nuclear sector in regards to cyber security

2. identify potential policies and international measures to enhance cyber security in the wider nuclear security field 

Over an 18 month period, the project will establish and engage with a strong constituency of international experts and stakeholders from a wide range of the fields through:

  • a survey (including interviews and a literature review)
  • three expert roundtable workshops
  • ongoing online activities on our project blog to establish a wider dialogue on cyber security and nuclear security with both a UK and an international audience

The project will culminate in the preparation of a final report, which will be broadly disseminated and discussed at the international level.

The project is funded by the MacArthur Foundation International Peace and Security Program.

Project Timeline

Phase 1: A survey of existing risks, vulnerabilities, and potential impacts, including through interviews and a literature review. 

  • First expert roundtable (12 May 2014)

Phase 2: Investigation of potential ways to reduce undesired activity, and development of proposals for international policies and measures. In order to have direct policy relevance and utility, researchers will engage with international stakeholders from across the field.

  • Second expert roundtable (23 September 2014)

Phase 3: Preparation of a final report outlining findings and policy recommendations.

  • Third expert roundtable (February 2015)

Phase 4: Publication and dissemination of research findings. This final stage will focus on disseminating the findings widely.

Related documents

Group of Experts: Bios
pdf | 238.57 KB

More on Cyber and Nuclear Security