Balancing the Risks and Rewards of Updated Digital Technologies in Nuclear Facilities

Securing nuclear facilities has always posed technical and policy challenges. Today, with efforts to modernize and digitize nuclear facilities around the world, the task of securing them to a high degree of confidence is more challenging than ever. Engineers and operators working to integrate new technologies with old must understand the significant implications for nuclear security so that facilities can take advantage of the benefits of new technology while maintaining the highest levels of security. 

In nuclear energy and research facilities, new and updated technologies including new business systems, automated intrusion detection, digital displays in control rooms, and a multitude of digital instruments modernize and improve operations. But adding new functionality can carry significant risks. New systems could allow hackers to enter networks to deface or to alter data or allow intruders to download a security plan in preparation for a real-life attack. Sophisticated attackers could alter important information during a fuel reload, or a USB port could be the source of a computer virus that stealthily disrupts daily operations.

Cybersecurity and the Index

Recognizing the growing need to secure nuclear facilities against cyber attacks, the NTI Index in 2016 began tracking cybersecurity regulations at nuclear facilities. Four years later, the 2020 Index shows that progress to adapt, secure, and defend against cyber attacks through policy and regulatory changes, while gradually improving, remains slow.

This chart shows a gradual increase in the percentage of countries with a basic requirement for nuclear facilities to protect against cyber attacks.
Cybersecurity Score Distribution
This chart shows the number of countries scoring 0-8 points in 2016, 2018, and 2020. It shows the number of countries with more points is growing over time.
Countries scoring 50+ in cybersecurity
This chart shows the percentage of countries scoring below 50 and of countries scoring 50 and above for 2016, 2018, and 2020. The chart shows gradual improvement since 2016.

The Future of Cyber-Nuclear Security

Public- and private-sector leaders should not wait for regulations to slowly catch up to the scope and severity of the cyber threat, but they must take more proactive security measures as they modernize their facilities with new and updated digital capabilities and tools. The minimum measures needed across the nuclear enterprise include mandatory cybersecurity policies such as assessments, cybersecurity awareness programs for all employees, and protection for sensitive digital assets, especially as they are upgraded.

Regulators and operators must act now, but also prepare for the future. As digital technologies are involved in more nuclear operations, the responsibility to avoid sacrificing the security of nuclear materials and facilities in the name of technology will intensify.