Security flaws 'leave nuclear plants at risk'
Vulnerabilities in equipment used at nuclear plants and at borders could be exploited by hackers and terrorists, it is claimed.
Thursday 27 July 2017 15:02, UK
Critical security flaws have been found in devices used to monitor radiation levels in nuclear facilities and at borders globally, according to cybersecurity researchers.
It could allow terrorists to traffic nuclear material past radiation monitoring devices at air and sea ports by raising the radiation threshold that authorities' machines scan for.
An attacker could also falsify readings to hide a radiation leak or even falsely set off the alarm to make authorities believe one was taking place.
Alongside another attack - such as the Stuxnet computer worm which destroyed a fifth of Iran's nuclear centrifuges in 2010 - the vulnerabilities could be exploited to increase the time it takes to detect an attack against a nuclear facility.
The energy sector is a regular target for hackers, with the UK's National Cyber Security Centre (NCSC) warning that attackers have compromised organisations connected to the power grid.
There are 15 operational nuclear reactors at seven nuclear power plants in the UK.
Physical security for these locations is the responsibility of the Civil Nuclear Constabulary, but the NCSC is involved in protecting them from cyberattacks.
The Home Office also sponsors a programme called Cyclamen which attempts to detect radioactive material entering the UK through multiple border points.
When contacted for comment, the Home Office told Sky News: "We do not comment on national security matters."
"Failed evacuations, concealed persistent attacks and stealth man-in-the-middle attacks are just a few of the risks I flagged in my research," said Ruben Santamarta, the principal security consultant at US cybersecurity firm IOActive, which was behind the research.
Mr Santamarta's team found the vulnerabilities by analysing the software binaries and devices used by several popular sellers of radiation monitoring equipment, and announced their findings at the Black Hat USA conference in Nevada.
Mr Santamarta said: "Being able to properly and accurately detect radiation levels, is imperative in preventing harm to those at or near nuclear plants and other critical facilities, as well as for ensuring radioactive materials are not smuggled across borders."
Sky News also contacted the National Cyber Security Centre (NCSC) for comment but received no response.