Cyber threats in a nuclear world

An increase in cyber threats now warrants a reexamination nuclear security techniques

ISLAMABAD:

Despite the fact that many countries have developed nuclear weapons far more powerful than those used against the Japanese cities in the decades since 1945, governments have negotiated arms control agreements such as the Nuclear Test-Ban Treaty of 1963 and the Treaty on the Non-Proliferation of Nuclear Weapons of 1968 due to concerns about the dreadful effects of such weapons. Nuclear Weapons and Related Systems have been facing a various cyber threats and cyber-based risks affecting various aspects of society, including the financial sector, the entertainment industry, department stores, and insurance firms. When it comes to cyber-attacks on their most vital systems, governments have an even greater issue. Successful cyber-attacks on a nuclear weapons or related system—a nuclear weapon, a delivery system, or the linked Nuclear Command, Control, and Communications (NC3) systems—could destroy the world. Cyber-attacks could result in misleading attack warnings, disrupt crucial communications or information access, pose a risk to nuclear planning or delivery systems, or even allow exploiting forces to take control of a nuclear weapon.

Given the extent of global system digitalisation and the rapid evolution of the cyber threat, it is impossible to assume that systems with digital components, including nuclear weapons systems, are not or will not be affected. Nuclear weapons and delivery systems are upgraded on a regular basis, which may include the addition of new digital systems or components. Malware could attack digital systems during fabrication, which is often done outside of protected foundries. Furthermore, there are a number of external dependencies, such as electric grid connections, that are outside the control of defence officials but have a direct impact on nuclear systems. Our defence system is communicated, controlled, upgraded, and monitored with the help of technology. Many terrorist organisations are working on the dark web. What will be the results if these terrorist groups, for their vested interests and nefarious designs, hire some hackers and take complete technical control of nuclear facilities of any nuclear power country having a weaker security system?

What if a hacker breaks into a highly secure nuclear materials storage site, giving terrorists access to highly enriched uranium needed to construct a bomb? What if cyber-terrorists take control of a nuclear power station, causing a catastrophe the size of Fukushima? What if hackers spoof a nuclear missile assault, triggering an ill-advised retaliatory strike that kills millions? The cyber threats affect at least in three ways: it can be used to compromise nuclear command and control systems, as well as weaken the security of nuclear materials and facility operations or they demand Ransome after getting control of nuclear sites.

Traditional nuclear security techniques have centred on preventing physical attacks, such as installing ‘guns, guards, and gates’ to prevent theft of bomb-making materials, sabotage of a nuclear plant, or illegal access to nuclear command, control, and communications systems. In this ‘conventional’ nuclear security area, significant progress has been accomplished, but the possibility of a cyber-assault is growing. Every country is at risk, and nuclear cyber security procedures haven't put in the required efforts yet.

Even in countries with advanced nuclear power and research programmes, the technical capacity to manage the cyber threat is severely low across the nuclear sector. In states with new or growing nuclear programmes, cyber security measures against the cyber-nuclear threat are almost non-existent. Nuclear cyber security expertise is in short supply, and the International Atomic Energy Agency (IAEA), which assists and trains countries in this area, lacks the resources to meet the growing threats.

Governments are going to identify and mitigate these risks, but cyber-attacks are getting more sophisticated day by day, and those in charge—from legislators to military officials to facility operators to regulators—must be vigilant.

In addition, nuclear power stations may be vulnerable to cyber-attacks that result in large-scale leaks of radioactive material, resulting in deaths, radiation sickness and psycho-trauma, severe property devastation, and economic disruption in the worst-case scenario.

Today’s cyber-attacks target a variety of computer systems that are used for a variety of objectives. No cyber-attacks on nuclear power facilities have resulted in radioactive material being released to date, but the patterns are concerning.

A cyber attack's goal may be to interrupt the operation of a nuclear site, inflict economic harm, disgrace government or utility executives, blackmail firms, get even, or simply to test one's skills or see what happens. There’s also a chance that cyber-attacks aimed at other targets will spread to nuclear power plants, causing unforeseeable damage. This possibility has been proved by the widespread propagation of Stuxnet. Given the potential for tremendous devastation, any successful cyber-attack on a nuclear plant would, at the very least, erode trust in the state's ability to act as a responsible host and in the owner and operator's ability to operate the facility safely and securely. Cyber-attacks may be meant to have just a local and restricted impact, while radioactive material discharged from a failing reactor knows no bounds. Cyber-attacks can be carried out by foreign governments, organisations antagonistic to a specific state's government, or individuals motivated by money, hatred, or curiosity.

All possible perpetrators must be addressed by the mechanisms designed to deter and combat such threats, taking into account the spectrum of motivations listed above.

For a variety of activities, modern nuclear power plants rely heavily on a large and diverse array of computers. Some computers may be used to monitor or control the operation of the reactor or its auxiliary systems. Computer networks are routinely used by nuclear power plant operators and technical support employees, and linkages between these systems and plant control systems may exist, sometimes known, sometimes unknown. The reactor may be forced into an accident if the hard- or software utilised is updated or replaced, and the emergency response systems may fail to avoid disaster.

Hacking in general, as well as attacks on ‘protected’ computer systems, is becoming more prevalent and sophisticated. All of the aforementioned concerns necessitate strong proactive countermeasures to prevent successful cyber assaults; the cost of insufficient protection might be severe.

Nuclear weapons, artificial intelligence, and cyberspace

When it comes to artificial intelligence (AI), cyberspace, and national security, there are more questions than answers. But these questions are significant as they touch on key issues related to how countries use increasingly powerful technologies while, at the same time, keeping their citizens secure. Few national security topics are as technical as nuclear security. How might the linkages between AI and cyberspace impact the security of nuclear systems?

A new generation of AI-augmented offensive cyber capabilities will likely intensify the military escalation risks associated with emerging technology, especially inadvertent and accidental escalation, such as increasing vulnerability of nuclear command, control, and communication (NC3) systems to cyber-attacks. Furthermore, the challenges posed by remote sensing technology, autonomous vehicles, conventional precision munitions, and hypersonic weapons to hitherto concealed and hardened nuclear assets. Taken together, this development might further destroy the survivability of states’ nuclear forces.

Missile misadventure and weakness in India’s technology

India launched a high-level investigation into a missile that landed in Pakistan's Punjab province's Mian Channu city on March 9. On March 9, 2022, during maintenance, a technical fault resulted in the unintentional launch of a missile. It was an episode that had the potential to be disastrous. Fortunately, the Pakistani armed forces responded calmly to the landing of an Indian missile near Mian Channu, refraining from any military reaction.

The tragedy has exposed India's technology and safety systems' serious flaws.

This isn't only a Pakistani issue; the international community should demand greater transparency from India as well. The fact that a nuclear-armed country's technology and command and control systems are so weak is cause for considerable concern around the world. All nuclear states should have well-established safety measures for nuclear weapons and security processes in place to ensure that no unwanted accidents can occur.

Unfortunately, this missile strike demonstrates that India's systems are either ineffective or compromised, or both. The relevant foreign agencies should insist that India's systems be inspected to ensure that all vulnerabilities and breaches have been fixed. Pakistan has a right to know this information because any negligence on India's side in handling its nuclear missiles directly affects it and poses a serious threat to lives. The incident sends a strong message to both India and Pakistan about the dangers of nuclear-armed South Asia. It must be dealt with the gravity it deserves, rather than being treated as a minor mistake whose investigation is kept secret from the public view. In this environment, both Pakistan and India, as nuclear rivals, should make sure that communication channels are kept open in order to prevent the recurrence of similar incidents.

Cyber-attacks on nuclear plants

In 2019, a malware attack targeted one of India's largest nuclear reactors, Kudankulam, which not only infiltrated the plant's firewalls but also allegedly stole data and information.

Though the attack was limited to the plant's administrative network and was not as severe as other malware attacks such as Stuxnet—the highly sophisticated computer worm best known for attacking nuclear centrifuges at Iran's Natanz facility—it raised serious concerns about nuclear safety measures around the world.

While the attack was finally traced to a North Korean gang, the uncertainty and speculation highlighted the difficulties in determining the source of cyber-attacks, as well as the potential for cyber threats to increase regional tensions.

A fire and explosion occurred at a centrifuge production plant at a nuclear enrichment facility in Natanz at about 2 a.m. local time on July 2, 2020. The attack was claimed by a group known as the "Cheetahs of the Homeland." Cyber sabotage, according to some Iranian officials, may have been the cause of the tragedy. In 2014, a cyber-attack disrupted a German nuclear power station. Moreover in March 2016, Belgium's nuclear plants face threat of cyber-attack.

International Coordination

International Community Meets to Reaffirm Common Commitment for Strengthening Nuclear Security The third International Conference on Nuclear Security: Sustaining and Strengthening Efforts (ICONS 2020) was held at the International Atomic Energy Agency's (IAEA) headquarters in Vienna, Austria, from February 10 to 14, 2020.

Over 57 ministers and more than 2000 specialists from more than 130 nations and 35 international organisations gathered at the IAEA headquarters to reaffirm their shared commitment to global nuclear security at the International Nuclear Security Conference. The participants also evaluated their efforts to ensure nuclear material and technology security. The goal of nuclear security, according to experts, was to prevent, identify, and respond to potential nuclear security incidents that terrorists or other hostile actors get access to nuclear or other radioactive material or engage in sabotage-related operations.

The participants adopted a declaration aimed at improving global nuclear security and combating nuclear terrorism and other destructive acts and acknowledged that nuclear security contributes to world peace and security.

RELATED

Load Next Story