The risk of a “serious cyber attack” on nuclear power plants around the world is growing, warns a report. The civil nuclear infrastructure in most nations is not well prepared to defend against such attacks. Many of the control systems for the infrastructure were “insecure by design” because of their age, the report said.
Published by the influential Chatham House think tank, the report studied cyber defences in power plants around the world over an 18-month period. Tim Erlin, director of security and product management at Tripwire have the following comments on it.
[su_note note_color=”#ffffcc” text_color=”#00000″]Tim Erlin, Director of Security and Product Management at Tripwire :
“There’s no doubt that nuclear facilities are not only at risk of attack, but already being attacked.
Most concerning is the conclusion that while these facilities believe they’re disconnected from the Internet, they are not. If your first defense is a virtual moat, but you’ve been building bridges around the castle, there’s a serious problem to address.
Compromise through the supply chain occurs in other industries, and is something we’ve just seen in the recent T-Mobile/Experian breach. Motivated attackers will take advantage of the weakest point.
In the connected economy, every organization both has a supply chain and is part of a supply chain.
Proactive and reactive strategies for cybersecurity must be balanced to be effective. Swinging the pendulum too far in either direction can be disastrous.”[/su_note][su_box title=”About Tripwire” style=”noise” box_color=”#336588″]
Tripwire is a leading provider of advanced threat, security and compliance solutions that enable enterprises, service providers and government agencies to confidently detect, prevent and respond to cybersecurity threats. Tripwire solutions are based on high-fidelity asset visibility and deep endpoint intelligence combined with business-context and enable security automation through enterprise integration. Tripwire’s portfolio of enterprise-class security solutions includes configuration and policy management, file integrity monitoring, vulnerability management and log intelligence.[/su_box]
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.