Cybersecurity Culture at Nuclear Facilities

Maheen Shafeeq - Centre for Aerospace & Security Studies (CASS)
Nuclear facilities have become vulnerable to cyberattacks due to an increase in the number of facilities, a reliance on cyber technologies, and the sophistication of high-profile cyberattacks. This paper assesses the risks that cyberattacks pose to nuclear facilities and argues that the nuclear facilities could encounter political, strategic, economic, and environmental consequences, in addition to the loss of public trust and confidence in an adverse situation. To address these risks, it is necessary that timely steps be taken in order to secure nuclear facilities from cyberattacks. One measure suggested in the paper is to strengthen cybersecurity at nuclear facilities is by cultivating a “cybersecurity culture.” In order to adopt a cybersecurity culture, a top-down approach is put forth in the paper. Under this approach, four levels are discussed: international, state, facility, and individual. The international community, under this approach, would initiate the debate on cybersecurity culture. The state would develop comprehensive cybersecurity policies for nuclear facilities. The management at facilities would take measures to implement a cybersecurity culture. Lastly, due to measures taken by the facility management, the individuals would be able to develop a habit of cybersecurity culture. The paper analyses that the individuals play the most important role among the four levels. The methodology used for the research includes twelve interviews of Sandia subject matter experts and secondary data analysis.