The UK department for Business, Energy and Industrial Strategy has recently released a new document addressing cyber-attacks on critical nuclear facilities.
This strategy sets out a path to keeping the UK civil nuclear sector ahead of rapidly evolving threats to, and vulnerabilities in, software and equipment in the next five years. The document reports that while all nuclear sites have cyber-security programmes in place, it usually only accounts for a small part of the budget, so it says that the industry must ensure that cyber-security is “considered as part of decisions to improve physical security and safety. This will potentially identify cost savings where the desired outcomes can be achieved by a more optimal mix of the three areas.”
The strategy calls on all sectors involved in civilian nuclear power to improve cyber-security, including licensed nuclear facilities, suppliers, the government, the nuclear regulator and the Information Commissioner.