News of another cyber attack on a nuclear power plant surfaced this week, as explained by Yukiya Amano, the director of the International Atomic Energy Agency’s (IAEA). Amano explained that the attack happened three years ago and was disruptive, however it was not serious because it did not shut down operations. The article discusses how serious this risk is and the need to take more precautionary measures to improve security in industrial systems.
I used to perform IT Audits of a utilities company, including their antiquated SCADA systems. Securing these systems is very complex and challenging. They are built to be available and have a very specific purpose to manage the energy grid. This often makes patching and currency a major issue and introduces vulnerabilities within the environment that are ripe for exploitation, as we see in this article.
I agree with the director that we need to improve security to our critical infrastructure. Hopefully, the industry heeds these early warning signs and begins to take significant action to improve security before it’s too late.