The cyber threat has expanded exponentially in recent years, with a series of damaging, high-profile attacks that have made headlines around the world. Recent attacks against banking and commerce systems, private companies, and national governments highlight the growing gap between the threat and the ability to respond to or manage it.
With evolving global threats in mind, this year’s NTI Index assesses for the first time how countries are protecting their nuclear facilities against cyber threats. Like critical infrastructure, nuclear facilities are not immune to cyber attack—a particular concern, given the potentially catastrophic consequences. Such an attack could facilitate the theft of nuclear materials or an act of sabotage.
The 2016 NTI Index includes a set of basic indicators relating to cybersecurity, and the results show that although some countries have been taking steps to protect nuclear facilities from cyber attack, many do not yet have the laws and regulations needed to provide effective cybersecurity:
- Too many countries require virtually no effective security measures at nuclear facilities to address the threat posed by hackers.
- Of the 24 countries with weapons-usable nuclear materials, 9 received a maximum score for the cybersecurity indicator and 7 scored 0. Of the 23 countries that have nuclear facilities but no weapons-usable nuclear materials, 4 received a maximum score for the cybersecurity indicator; 13 countries scored 0, including some that are expanding the use of nuclear power.
- In the past two years, 8 countries with weapons-usable nuclear materials have updated their laws and regulations with respect to cybersecurity at nuclear facilities. In the period between 2012 and 2014, 9 countries made similar updates.