Cybersecurity in the Nuclear Industry The Need for Strategic Cyber Risk Management

摘要

In a global survey of over 700 security practitioners in 98 countries, the World Institute for Nuclear Security (WINS) found that the top priority across all continents and demographics was cybersecurity. The results, published in February 2020 [1], found that a cyberattack on a nuclear facility was considered much more likely than a physical attack. This conclusion points to the need for greater understanding of cybersecurity threats amongst nuclear facility staff and the professional capability to prepare for and, if necessary, respond to cyberattacks. The paper sets out the importance of cybersecurity risk reduction in the nuclear industry and the means by which this can be achieved, highlighting the approach and recommendations developed through WINS' research and publications on cybersecurity [2] as well as its professional development programme about cybersecurity in the nuclear industry [3]. The paper in brief: 1.establishes the context of cybersecurity for the nuclear industry having regard to cyberthreats, cyber targets, cyberattack vectors and the nature of cyberattacks 2.highlights the importance of raising awareness among all stakeholders within the nuclear industry of the vulnerabilities that may be exploited by cyberthreats to mount successful cyberattacks 3.recognises the increasing digitisation of systems and the evolution of human technological interface as a key risk to be managed 4.directs attention to the importance of risk reduction through attention to cyber risk, risk mitigation and assurance processes that organisations should undertake to reduce risk and promote cyber resilience.