Abstract
Cyber Security for Nuclear Power Plants by Thomas Shea and Sandro Gaycken and Maurizio Martellini is a meticulous analysis of the current situation regarding the security of Nuclear Power Plants. It describes the current stage, outlining the motivations of potential cyberattacks and how they could be carried out. It proceeds in presenting an all-comprehensive security circle that provides opportunities for engagement and collaboration to deal with cyberissues at various levels. Since this paper was presented at the Seoul Nuclear Security Summit of 2012, it ends with useful recommended action for the Summit to take, in order to ensure that the peaceful use of nuclear energy is not vulnerable to cyberattacks.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Notes
- 1.
The International Convention for the Suppression of Acts of Nuclear Terrorism states in Article 2.1 that “Any person commits an offence within the meaning of this Convention if that person unlawfully and intentionally:
(b) Uses in any way radioactive material or a device, or uses or damages a nuclear facility in a manner which releases or risks the release of radioactive matter.”
- 2.
“The Pentagon has concluded that computer sabotage coming from another country can constitute an act of war, a finding that for the first time opens the door for the U.S. to respond using traditional military force.”
- 3.
In such circumstances, the cyber attack may have been unforeseen and unintended, but the originator of the worm or virus may still be prosecuted on the basis of the end results. Nuclear operators must ensure that casual vulnerabilities are blocked; no security system should contain unintended holes.
- 4.
On December 26, 2011, the United States Nuclear Regulatory Commission gave the green light to Westinghouse's 1,100 MWe AP1000 pressurized water reactor design. The NRC said the design incorporates passive safety features that would cool down the reactor after an accident without the need for human intervention. The design provides enhanced safety margins through use of simplified, inherent, passive, or other innovative safety and security functions.
- 5.
The World Institute of Nuclear Security (WINS) might undertake such activities.
- 6.
Such activities are already underway by the IAEA and WINS.
Bibliography
G. Cauley, Hearing on Discussion Draft Legislation to Improve Cybersecurity of the Electric Grid NERC (2011), http://www.nerc.com/news/testimony/Testimony%20and%20Speeches/HECC%20May%2031%20Cauley%20Testimony%20Final.pdf Accessed 4 Mar 2013
S. Gorman, J. Barnes Cyber Combat: Act of War. WSJ (2011), http://online.wsj.com/article/SB10001424052702304563104576355623135782718.html. Accessed 4 Mar 2013
IAEA Development, Use and Maintenance of the Design Basis Threat, IAEA Nuclear Security Series (2009) , http://www.pub.iaea.org/MTCD/publications/PDF/Pub1386_web.pdf. Accessed 4 Mar 2013
United Nations Yearbook of the United Nations (1989), http://books.google.com/books?id=MLAxV20gktQC&pg=PA294&lpg=PA294&dq=prevention+of+military+attacks+on+nuclear+reactors&source=bl&ots=E1dBq3-VC-&sig=XfjvTxy1I92E7HuNb4pgE1Bibcg&hl=en&sa=X&ei=gKIIT8G1BYa0iQLcqvyZCQ&sqi=2&ved=0CD4Q6AEwBQ#v=onepage&q=prevention%20of%20military%20attacks%20on%20nuclear%20reactors&f=false. Accessed 4 Mar 2013
Interpol Cybercrime (2012), http://www.interpol.int/Crime-areas/Cybercrime/Cybercrime. Accessed 4 Mar 2013
G. Keizer, Is Stuxnet the ‘best’ malware ever?. ComputerWorld (2010) , http://www.computerworld.com/s/article/9185919/Is_Stuxnet_the_best_malware_ever_. Accessed 4 Mar 2013
B. Kesler, The Vulnerability of Nuclear Facilities to Cyber Attack. Strategic Insights 10(1), 15−25 (2010).
LCG Consulting NRC Approves Rule to Amend AP1000 Nuclear Reactor Design (2011), http://www.energyonline.com/Industry/News.aspx?NewsID=7552&NRC_Approves_Rule_to_Amend_AP1000_Nuclear_Reactor_Design. Accessed 4 Mar 2013
The International Electrotechnical Commission. Standards addressing cyber security: http://www.iec.ch/dyn/www/f?p=103:30:0::::FSP_ORG_ID,FSP_LANG_ID:1358,25. (Accessed 4 Mar 2013), especially Standard 45A/846/CD, IEC 62645 Ed.1: Nuclear power plants - Instrumentation and control systems - Requirements for security programmes for computer-based systems
The World Institute of Nuclear Security. Workshop on the security of Information Technology (IT) & Instrumentation and Control (IC) Systems at Nuclear Facilities, February 27–29, in Ontario, Canada (2012). See: http://www.wins.org/. Accessed 4 Mar 2013
United Nations (1999–2002), The rome statute of the international criminal court. http://untreaty.un.org/cod/icc/statute/romefra.htm. Accessed 4 Mar 2013
United Nations (2001), UNSCR 1373 http://www.un.org/News/Press/docs/2001/sc7158.doc.htm. Accessed 4 Mar 2013
United Nations (2005) ,International convention for the suppression of acts of nuclear terrorism. http://www.un.org/en/sc/ctc/docs/conventions/Conv13.pdf. Accessed 4 Mar 2013
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2013 The Author(s)
About this chapter
Cite this chapter
Shea, T., Gaycken, S., Martellini, M. (2013). Cyber Security for Nuclear Power Plants. In: Martellini, M. (eds) Cyber Security. SpringerBriefs in Computer Science. Springer, Cham. https://doi.org/10.1007/978-3-319-02279-6_3
Download citation
DOI: https://doi.org/10.1007/978-3-319-02279-6_3
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-02278-9
Online ISBN: 978-3-319-02279-6
eBook Packages: Computer ScienceComputer Science (R0)