Cybersecurity by design in civil nuclear power plants


This report from the UK think tank Chatham House considers the security by design approach for civil nuclear power plants and analyses areas of risk and opportunities for the nuclear industry.

Cyberattacks are increasingly challenging critical national infrastructure. The application of ‘security by design’ in nuclear new builds could provide operators with the opportunity to establish a robust and resilient security architecture at the beginning of a nuclear power plant’s life cycle. This will enhance the protection of the plant and reduce the need for costly security improvements during its operating life.

• Security by design cannot fully protect a nuclear power plant from rapidly evolving cyberattacks, which expose previously unsuspected or unknown vulnerabilities.

• Careful design of security systems and architecture can – and should – achieve levels of protection that exceed current norms and expectations. However, the sourcing of components from a global supply chain means that the integrity of even the most skilfully designed security regime cannot be guaranteed without exhaustive checks of its components.

• Security by design may well include a requirement for a technical support organization to conduct quality assurance of cyber defences and practices, and this regime should be endorsed by a facility’s executive board and continued at regular intervals after the new build facility has been commissioned.

• Given the years it takes to design, plan and build a new nuclear power plant, it is important to recognize that from the point of ‘design freeze’ onwards, the operator will be building in vulnerabilities, as technology continues to evolve rapidly while construction fails to keep pace with it.

Security by design cannot be a panacea, but it is an important factor in the establishment of a robust nuclear security – and cybersecurity – culture.

Read Full Report

Explore our reports

  • Reset
Advanced search