Cyber Security at Civil Nuclear Facilities: Understanding the Risks
Autor Caroline Baylon, Roger Brunt, David Livingstoneen Limba Engleză Paperback – 21 iun 2016
This report finds that the trend to digitization, when combined with a lack of executive-level awareness of the risks involved, means that nuclear plant personnel may not realize the full extent of their cyber vulnerability and are thus inadequately prepared to deal with potential attacks. Specific findings include the following:
—The conventional belief that all nuclear facilities are “air gapped” (isolated from the public Internet) is a myth. The commercial benefits of Internet connectivity means that a number of nuclear facilities now have VPN connections installed, which facility operators are sometimes unaware of.
—Search engines can readily identify critical infrastructure components with such connections.
—Even where facilities are air gapped, this safeguard can be breached with nothing more than a flash drive.
—Supply chain vulnerabilities mean that equipment used at a nuclear facility risks compromise at any stage.
—A lack of training, combined with communication breakdowns between engineers and security personnel, means that nuclear plant personnel often lack an understanding of key cyber security procedures.
—Reactive rather than proactive approaches to cyber security contribute to the possibility that a nuclear facility might not know of a cyber attack until it is already substantially underway.
In the light of these risks, the report outlines a blend of policy and technical measures that will be required to counter the threats and meet the challenges.
—The conventional belief that all nuclear facilities are “air gapped” (isolated from the public Internet) is a myth. The commercial benefits of Internet connectivity means that a number of nuclear facilities now have VPN connections installed, which facility operators are sometimes unaware of.
—Search engines can readily identify critical infrastructure components with such connections.
—Even where facilities are air gapped, this safeguard can be breached with nothing more than a flash drive.
—Supply chain vulnerabilities mean that equipment used at a nuclear facility risks compromise at any stage.
—A lack of training, combined with communication breakdowns between engineers and security personnel, means that nuclear plant personnel often lack an understanding of key cyber security procedures.
—Reactive rather than proactive approaches to cyber security contribute to the possibility that a nuclear facility might not know of a cyber attack until it is already substantially underway.
In the light of these risks, the report outlines a blend of policy and technical measures that will be required to counter the threats and meet the challenges.
Preț: 117.75 lei
Nou
Puncte Express: 177
Preț estimativ în valută:
22.54€ • 23.49$ • 18.76£
22.54€ • 23.49$ • 18.76£
Carte tipărită la comandă
Livrare economică 06-20 ianuarie 25
Preluare comenzi: 021 569.72.76
Specificații
ISBN-13: 9781784130794
ISBN-10: 1784130796
Pagini: 56
Dimensiuni: 210 x 298 x 9 mm
Greutate: 0.25 kg
Editura: Brookings Institution Press
Colecția Chatham House
Locul publicării:United Kingdom
ISBN-10: 1784130796
Pagini: 56
Dimensiuni: 210 x 298 x 9 mm
Greutate: 0.25 kg
Editura: Brookings Institution Press
Colecția Chatham House
Locul publicării:United Kingdom
Notă biografică
Caroline Baylon is research associate in science, technology, and cyber security at Chatham House, where her work has covered topics including critical infrastructure protection, privacy, the digital divide, and Internet governance. She also serves as editor of the Journal of Cyber Policy, Chatham House’s peer-reviewed academic journal. She speaks regularly at international conferences and is a frequent media commentator and contributor, most recently writing a series of articles on the challenges that drones pose to nuclear facilities.
Roger Brunt was appointed the U.K. government’s regulator for security in the civil nuclear industry as the director of the Office for Civil Nuclear Security, after retiring from the British Army in 2004. He oversaw the introduction of a number of significant security improvements at civil nuclear sites, including the wider deployment of an armed response capability, improved vetting and information security procedures, and measures to test the civil nuclear security regime. He also promoted the merger of the United Kingdom’s security and safety regulators in 2007 to enhance regulatory coherence in the industry.
David Livingstone is an associate fellow at Chatham House, where he has participated in a broad range of projects on national-level risk management, cyber security, counterterrorism, serious organized crime, nuclear security, and space security. He has given evidence to the U.K. parliament, has provided expert witness services to the Central Criminal Court, and is a regular media commentator.
Roger Brunt was appointed the U.K. government’s regulator for security in the civil nuclear industry as the director of the Office for Civil Nuclear Security, after retiring from the British Army in 2004. He oversaw the introduction of a number of significant security improvements at civil nuclear sites, including the wider deployment of an armed response capability, improved vetting and information security procedures, and measures to test the civil nuclear security regime. He also promoted the merger of the United Kingdom’s security and safety regulators in 2007 to enhance regulatory coherence in the industry.
David Livingstone is an associate fellow at Chatham House, where he has participated in a broad range of projects on national-level risk management, cyber security, counterterrorism, serious organized crime, nuclear security, and space security. He has given evidence to the U.K. parliament, has provided expert witness services to the Central Criminal Court, and is a regular media commentator.