Nuclear security refers to the prevention of unauthorized access, transfer, use and commission of all other illegal acts involving nuclear fissile material, radioactive substances and their concerned facilities; thus, it deals predominantly with the physical protection of all concerned material and equipment. Nuclear security culture refers to the set of means, actions, customs, regulations and measures taken to strengthen nuclear security; it is characterized by the duties and responsibilities of personnel, organizations, states and the international community. The concept of nuclear security culture is widely understood as dealing with the prevention of ‘unauthorized physical control over nuclear power’. With increasing cyber-vulnerability and frequency of cyber-attacks on nuclear facilities, there is a dire need to shed more light on the cyber domain of nuclear security.
With continued stress on physical protection, cyber attacks – despite being a major contemporary threat to information and data regarding nuclear technology and operations – remain outside the realm of nuclear security culture. Sabotage and accidental events are examples of major risks posed by cyber attacks on any nuclear facility. Such attacks could cause a range of problems, from disabling whole reactor to causing calamitous radiation release. As crucial as the possession of nuclear technology is, establishing a control system is equally vital, thus making it the utmost priority to be included as a necessary aspect of nuclear security culture.
A security framework is as successful as its ability to detect, prevent and counter each and every existing threat in time. Physical protective measures taken by nuclear technology authorized states against terrorist attacks are satisfactory enough and regulated according to the need. On the contrary, cybersecurity has given due importance to emerging cyber vulnerabilities, yet it has not been made a substantial aspect of nuclear security culture. The rise in the number of global cyber breach events, whether successful or not, underscores the urgency of re-strategizing nuclear security culture while adding the cyber domain to the sphere. There are a number of diluting facts which promote cyberspace inclusion in nuclear security culture. For instance, this security culture itself promotes operators’ and an organizational role in security plan implementation. Concurrently, according to the Stimson Center’s Nuclear-Cybersecurity Workshop Report 2018, the frontline dealers of cyber threats are the operators and internal administration of a facility. Thus, these are the people who better understand the vulnerabilities of their own system, as compared to outside regulators; this creates the basis for including cybersecurity in nuclear security culture.
This month, India confirmed a cyber attack on the Kudankulam nuclear power plant. Although Indian authorities claim that only the administrative system was breached while the control system stands alone and perfectly air-gapped, what if still some crucial information has been compromised in the attack? Are the air-gaps reliable enough in growing digitized systems? We are not unaware of cyber attacks such as Stuxnet (Iran) or Sony Hack (South Korea KHNP) from recent past. What is more beneficial in the event of such a security breach: maintaining transparency or keeping the secrecy?
Recent evidences of cyber threats demonstrate an inconsistent approach towards ensuring cybersecurity, primarily due to consideration for reputations. Nuclear terrorism is taken as a common threat, and cyberattacks must be dealt with similarly. Although the international community through various reports and workshops insisted upon collaboration in the cyber security of nuclear facilities, yet there is a reluctance to share information and take collaborative measures; this limits understanding of patterns that can be identified to counter cyber threats. Nuclear facilities with the least cyberattack exposure stood more vulnerable to potential threats; experienced facilities can help mitigate the threat by sharing relevant prevention and security enhancing information. For this purpose, joint cyber risk management exercises, workshops and reports could also be advantageous.
It is due to the rarity and unsuccessful attempts of cyber attacks that a facility can only learn with experience. To better tackle the issue, cyber drills are a way of practicing responses to attacks in a controlled environment. The facility can generate cyber exercises under the supervision of the IAEA, which would help in predicting the nature of the expected attack and elevating the plant’s capability to respond effective.
An organizational approach, promoted under the IAEA’s security culture for physical protection, is also applicable in enhancing cybersecurity in the nuclear industry. Training cyberspace operators, IT system managers and control system operators within each nuclear facility is highly recommended. Furthermore, nuclear security promotes operator-regulator interface to make an account of nuclear security matters. It is required in related cybersecurity matters as well.
Cyberspace, as an area potentially vulnerable to threat in the nuclear industry, is an integral domain of security assurance. Where the physical security system of nuclear technology is responsibly made highly impenetrable around the globe, information and data related to its control system and proper functioning still seems to be accessible. The absence of cyberspace from nuclear security culture is not only a sign of inconsistency in cybersecurity efforts by states, but also depicts the ignorance of the international nuclear regulatory authority towards cyber vulnerability. To better counter the cyber abuse of nuclear technology, there is a need to revise nuclear security culture and assimilate cyberspace vulnerability as a substantial sector.
Hindutva ideology, synonymous with ‘Hinduness,’ has always lured Hindu nationalists for decades. It is now…
Sindh has a remarkable history of resistance that dates back to 712 AD, culminating in…
There is an urgent need to reconceptualize the idea of political security in Pakistan. Pakistan…
Since the inception of the Industrial Revolution in Western Europe and North America, the quality…
Nuclear posture continues to occupy a critical place in Pakistani strategy in the changing nature…
The aviation industry is regarded as one of the least sustainable industries worldwide. Globally, it…