International response needed for cyber security threats to nuclear facilities

An international response is needed to combat cyber security threats to nuclear facilities from criminals and terrorists, Yukiya Amano, director general of the International Atomic Energy Agency (IAEA), cautioned Monday.

Speaking at IAEA’s International Conference on Computer Security in a Nuclear World in Vienna, Amano said plainly “terrorists and other criminals operate international networks and could strike anywhere.”

Pointing out that reports of actual or attempted cyber attacks are virtually a daily occurrence, Amano told attendees the nuclear industry has not been immune. “Last year alone, there were cases of random malware-based attacks at nuclear power plants, and of such facilities being specifically targeted,” he reported.

“Computers play an essential role in all aspects of the management and safe and secure operation of nuclear facilities, including maintaining physical protection. It is vitally important that all such systems are properly secured against malicious intrusions,” Amano emphasized.

“Staff responsible for nuclear security should know how to repel cyber attacks and to limit the damage if systems are actually penetrated,” he said, adding that the IAEA is doing what it can to help governments, organizations and individuals “adapt to evolving technology-driven threats from skilled cyber adversaries.”

“Nuclear security is a national responsibility, but the IAEA plays the central role in ensuring effective international co-operation in this area. We have the expertise to help states establish sustainable national nuclear security regimes,” he said.

With 164 member states, Amano said IAEA plays a central role “in helping the world to act in unison against the global threat of nuclear terrorism.”

Amano noted that computer security is of great importance in all sectors of industry, the economy and government. “Lessons can be learned and shared between these domains,” he suggested to attendees.

The conference, the first of its kind to be held at the IAEA, is intended to provide a global forum for information exchange for relevant authorities, operators and others involved in computer security in the nuclear field. Issues to be addressed include computer security from a national perspective, trends in cyber attack and defence, computer security management in nuclear security, computer security threat analysis, computer security for industrial control systems, and operator experience in implementing computer security.

The conference was organized in co-operation with the International Criminal Police Organization (INTERPOL), the International Telecommunication Union, the United Nations Interregional Crime and Justice Research Institute, and the International Electrotechnical Commission. It includes representatives of more than a dozen other international and regional organizations, along with operators of facilities containing nuclear and other radioactive material, relevant security authorities from national governments and experts from the private sector.

“Your presence here sends the important message that the international community is serious about protecting nuclear and other radioactive material – associated activities and facilities – from malicious acts which are either computer-based or targeted at computers,” Amano told attendees.

“I am confident that, by working together and sharing experience, all of us can help to ensure computer security in the nuclear world,” he added.

At 1st-ever conference, @UN takes aim at #cyber-threats against nuclear safety http://t.co/g9dzQOrVov @iaeaorg @UNODC pic.twitter.com/3LWDYYrGPs

— UN News Centre (@UN_News_Centre) June 1, 2015