Cyberattacks are the norm in every industry, and the nuclear industry is no different. However, the associated consequences of an attack are different in the nuclear sector, where fears of radiation releases and material diversion greatly influence how risk is analyzed and managed. In an era where erroneous and inaccurate news often spreads on social networks faster than accurate official reports, risk management and incident planning need to be prioritized and given a fresh look. That was just one finding from a workshop on nuclear cyber risks held in Vienna, Austria, in late 2018. The Fissile Materials Working Group (FMWG) – a coalition of 80 organizations from around the world working to keep the world safe from nuclear terrorism -in collaboration with the Stimson Center brought together cybersecurity experts and stakeholders to consider cyber risks in the civil nuclear industry and how to address them. The workshop report, Nuclear Cybersecurity: Risks and Remedies, detailed 10 findings. Since the time of that report, FMWG and Stimson have been working with expert stakeholders to further assess those risks, to consider new emerging risks, and to prioritize actions needed to better manage them. The result is this new policy paper with recommendations, some of which Stimson will work to help effect.
Prioritizing Actions for Managing Cybersecurity Risks
Considering cyber risks to the civil nuclear industry and how to address them
New approaches are needed to confront the quickly evolving landscape of nuclear cybersecurity risks. Stimson Center presented to the International Atomic Energy Agency 2020 Nuclear Security Conference this paper detailing some work that needs to be done in the private sector and civil society as well as by States and international organizations to help pool expertise and better manage risks. The paper also considers new technologies and their effects on risk. How can the nuclear industry, States, international organizations, nongovernmental organizations and other stakeholders work together to address and mitigate cyber risks?