The “nightmare scenario” of radioactive material being released from nuclear power stations using a cyber attack is being attempted by terrorist groups, the Deputy Secretary-General of the United Nations (UN) has warned.
Jan Eliasson told the UN Security Council “vicious non-state groups” were making efforts to acquire weapons of mass destruction (WMDs) and warned: “These weapons are increasingly accessible.”
A hacking attack on a nuclear power plant would be a “nightmare scenario”, he added.
Terrorist groups such as Isis and al-Qaeda are known to have sought access to WMDs and it was reported earlier this year that Isis operatives in Belgium had been following a scientist who worked at a nuclear power station, with the hope of using him to gain access to the plant.
Technological advances such as 3D printing, the increasing use of drones and the possibility of cyber-attacks have potentially made it easier for them to acquire deadly weapons.
“Preventing a WMD attack by a non-state actor will be a long-term challenge that requires long-term responses,” Mr Eliasson said.
The UN meeting focused on how to prevent extremist groups getting hold of nuclear, chemical and biological weapons. It concluded with members approving a resolution to strengthen the work of the council committee that monitors how countries are preventing terrorist groups from acquiring or using WMDs.
Dr Patricia Lewis, Research Director of the International Security Department at Chatham House, told The Independent a cyber-attack on a nuclear power station was “a real risk”.
She said: “There’s an idea that the systems are protected…and that is a myth. Every system has vulnerabilities. We are seriously straying into what sounds like science fiction but isn’t. We are there now.”
She added: “This isn’t just imagined – this is already going on.”
The new nuclear power stations in UK
The new nuclear power stations in UK
Plons linking the Hinkley Point Nuclear Power Station to the National Grid in Somerset
Sizewell B nuclear power station in Suffolk
Heysham Nuclear Power Statio in north-west England
Wylfa Nuclear Power Station near the village of Cemaes in Anglesey
Several attacks on nuclear power plants have already taken place. In 2009 it was reported that an attack on an Iranian facility had hit its nuclear enrichment programme.
Plants in South Korea and Germany have also been subjects of cyber-attacks.
While these have been on a relatively small scale, a bigger attack could cause devastation.
Dr Lewis warned the worst case cyber-attack could potentially cause “a Fukushima-style scenario” – a reference to the Japanase nuclear plant where three reactors went into meltdown in 2011 after tsunami damage.
She said: “It is probably beyond the capabilities of a non-state armed group but it may be very possible for a state to do that. Energy companies really need to understand the threat better [because] they don’t yet. There are things going on that we don’t fully understand.”
US draws up battle plan to stave off digital attack cyberstrikes
Experts fear attacks targeted at nuclear power stations could be extended to nuclear weapons facilities.
Dr Lewis said: “When it comes to nuclear weapons the consequences are far higher. Even if the probabilities are lower, the risk is huge.”
Attacks on power stations are a threat not just because of the immediate danger of a radioactive leak but because they could be aimed at shutting down the energy grid, therefore wreaking economic havoc and risking public disorder, she added.
Cyber-attacks on nuclear power plants can take different forms. Some are aimed at obtaining data about the way the plant works or information on personnel at the facility, while others are “ransom attacks” in which companies are threatened with attack unless they give the hackers money.
Hacks can be used to uncover secret information about the layout and structure of nuclear reactors that could help plan a physical attack, potentially involving an insider at the plant, or a drone. Drones have previously been spotted flying over nuclear power stations, with their origin and controllers remaining a mystery.
Such is the increasing frequency of cyber-attacks that some experts have concluded succesful hacks are inevitable and argue companies should focus more on planning to contain the damage when they do occur.
Dr Lewis said: “We need a different type of approach to cyber-security – one that doesn’t imagine that you can completely defend against attacks.
“What we’re trying to do is introduce a culture where you…expect the attacks and build in resilience so that when they come it doesn’t really have much effect.”
Beyza Unal, a nuclear weapons expert at Chatham House, said one problem was private energy companies fearing that sharing details of cyber-attacks would hurt them commercially and reputationally and therefore staying silent about attacks against them, making it difficult to develop shared defences.Reuse content