The commercial benefits of Internet connectivity mean that a number of nuclear facilities now have VPN (virtual private network) connections installed, and search engines can readily identify critical infrastructure components with such connections, the report said.
Even where facilities are "air gapped," or isolated from the public Internet, this safeguard can be breached with nothing more than a flash drive, it said.
The authors of the report also said that factors, such as supply chain vulnerabilities, a lack of personnel training and reactive rather than proactive approaches to cyber security, were leading to increasing risks of cyber security.
Given the risks, the authors suggested several measures be taken to beef up cyber security in nuclear facilities.
These measures include an integrated risk assessment, implementing rules to promote good IT hygiene, the establishment of industrial CERTs (computer emergency response team), and encouraging universal adoption of regulatory standards.
By Ruchi Singh
reporter
Park Sae-jin
swatchsjp@ajunews.com
