At least 20 countries around the world with significant stockpiles of nuclear weapons or nuclear power plants have no protection at all against the threat of cyberattacks, claims the Nuclear Threat Initiative (NTI).
The NTI is a non-profit organisation that specialises in accessing the security of nuclear materials in the world, particularly highly enriched uranium and plutonium, which are considered to be the world's deadliest resources.
While physical security has always been a concern, with the rise in cyberattacks affecting multiple industries globally, the focus has changed to include security of the computer systems that govern these resources. Rather than brute force, one of the easiest ways to undermine a country would really be to damage its critical infrastructure, for example hacking into a nuclear power plant and sabotaging it. Such a method would also make it easier for thieves to break into such a location.
20 countries had no protection at all
The NTI surveyed 24 nations that had at least 1kg of nuclear material in their possession as well as 152 nations that had less than 1kg of nuclear materials or none at all, and accessed publicly available data to see whether the countries had protection in place against cyberattacks.
The questionnaire included criterion such as: Did the country have any legislation requiring certain protections? Were cyberattacks considered when assessing potential threats to the security of the nuclear facilities? And were there mandated drills and tests to assess how the nuclear facilities' personnel would respond to a cyberattack?
The NTI states in its latest report that 20 countries failed the protection questionnaire on every single criterion, although some of the countries claimed they did have protection in place. Those who failed the questionnaire included China, Israel, Egypt, Mexico and North Korea, while only nine nations achieved the maximum score for cybersecurity.
Australia, Canada, UK and Japan strongest on sabotage defences
Of the total 176 nations surveyed, 45 nations were added to a new "sabotage ranking" that accessed how easy it would be for attackers to sabotage the nuclear facilities in each country and cause a significant radiological release similar to the one that affected the Fukushima Daiichi Nuclear Power Plant during the 2011 Tōhoku earthquake and tsunami disaster.
In addition to the concerns about cybersecurity, the researchers also found many of the countries, particularly developing nations, were struggling to put in place measures that would protect their nuclear facilities from non-computer-related sabotage. Finland was found to have nuclear facilities that were the most vulnerable to being sabotaged out of the 45 nations.
In terms of improvements, Japan has improved its protections against cyberattacks the most, while the US, UK, India and Russia topped the chart in terms of most improved nuclear-armed nations in terms of cybersecurity. In terms of sabotage defences, Australia, Canada, the UK and Japan were found to have the strongest sabotage defences according to NTI's sabotage ranking.
"The current global nuclear security system has dangerous gaps that prevent it from being truly comprehensive and effective," said NTI president Joan Rohlfing. "Until those gaps are closed, terrorists will seek to exploit them. Leaders must commit to a path forward when they meet this spring. The consequences of inaction in the face of new and evolving threats are simply too great."
UPDATE: The article has been updated to correct an error stating that Australia, Canada, the UK and Japan had the weakest sabotage defences. In fact, they actually have the strongest under the sabotage ranking by NTI.