Natalie Fuchs is a member of the 2017 WiSe Cohort
The issues of cyber security and hacking in both defense and commercial contexts have grown dramatically over the last decade. Companies such as BP and J.P. Morgan report as many as 500,000 hacking attempts per day, and the U.S. Department of Defense (DoD) has invested over $25B in growing cyber research programs in the past five years. Database systems and networks have increasingly moved to digital rather than analog mediums to increase efficiencies in information management, and as such are put at increased risk of cyber attack. In light of events such as the Russian hacking of a Vermont utility, the wide-reaching and immediate effects of insufficient structural cyber security measures become increasingly clear.
As the incoming administration assesses critical security threats to the United States, they must most seriously consider the danger of offensive cyber attacks against nuclear power facilities in particular. The potential damage caused by cyber breaches is grave in many contexts, but holds dire implications for those facilities housing nuclear power plants. Those launching cyber attacks (operating as lone wolves, members of a terrorist organization, or conduits of a nation-state) could sabotage the digitized systems to release radiological material and potentially cause destruction in-line with the meltdowns experienced at Chernobyl or Fukushima.
Public concern regarding nuclear security seems most focused on the potential for terrorist organizations or non-state actors gaining access to nuclear weapons, but the true concern for the administration should be the ability of these groups to attack the digital infrastructure of nuclear facilities. While some argue the dangers of groups such as Hezbollah receiving either nuclear technology or extended terms of nuclear deterrence from a nuclear-armed Iran, the overhead costs of such a strategy far outweigh any benefits either the non-state actor or the state sponsor would reap. Furthermore, the incentives for state sponsors to provide nuclear technology or fissile material are exceedingly low, as attribution of nuclear attacks is simpler than is typically suggested and any strategies of deterrence they would hope to circumvent would be rendered ineffective. The costs to either party are far greater than the benefits of employing one hacker and supplying them with a laptop and Wi-Fi connection.
Although at this juncture it is widely believed that terrorist organizations do not possess hackers with enough technical skill to perform such cyber attacks, the desire they express to utilize nuclear material to their advantage should lead policymakers to believe they will continue in earnest to develop such resources. State-sponsored terrorism, while concerning in the extreme, should not be the main concern of decision makers regarding the nuclear space. Non-state actors won’t gain access to a nuclear weapon via state sponsors – they’ll trigger a less elegant but equally destructive nuclear meltdown at a key facility in Maryland, or Saint-Alban (France), or Dungeness (UK).
Regardless of the incoming administration’s thoughts on proliferation, protectionist policies towards allies, or alternative energy sources, these facilities still exist and must be protected. It is of paramount importance that these increased cyberdefenses be implemented at a faster pace than previous responses to cyber threats. The allowance of continued cyber security breaches by both nation states and individual hackers leaves the door open for increased threats to our nuclear infrastructure. The incoming administration would do well to carefully scrutinize current cyber policy relative to nuclear facilities, and consider it among the most important items on their security agenda.