Nuclear Cyber Attacks: A Study of Sabotage and Regulation of Critical Infrastructure

Abstract

As of 2021, the World Nuclear Association reports 440 Nuclear reactors are in operation worldwide in 30 countries generating capacity of 390 (GW) which is equivalent to about 10% of the world’s electricity. After Hydroelectric power, nuclear is the world's second largest source of low-carbon power. Important new nuclear technologies including the Small Modular Reactors (SMRs) are being developed globally creating more efficient and safer reactors that can be reproduced off site. 
 While governments redoubled their commitments to reducing greenhouse gas emissions at the UN Climate Change Conference (COP26) in Glasgow, the recovery of economies following the harsh impacts of COVID-19 led to a surge in energy demand that surpassed the growth in production from clean sources including nuclear. The safety and security of nuclear power has received renewed attention since the Russian invasion of Ukraine presenting growing concern about the potential threat of increased malevolent cyber activity against Ukraine’s critical infrastructure. Moreover, there have been more than 20 known cyber incidents worldwide at nuclear facilities since 1990. 
 To address these concerns this paper focuses on the progress of cyber security and cyber resilience in the nuclear industry globally. The 2015 cyber-attack on the Ukrainian Kyivoblenergo, a regional electricity distribution company was analyzed by multiple sources including private companies, investigators in Ukraine, and the U.S. government. The analysis revealed many opportunities to stop or prevent this attack, however, the nuclear industry continues to face serious challenges in protecting against cyber threats. This research will investigate through a comparative analysis the recent government regulations, rules and standards, for nuclear cyber security safety in the United States and internationally to determine whether these laws adequately protect energy infrastructure from cyberattacks and hold responsible parties accountable. Recent initiatives by government and the private sector to enhance the opportunities for improving cyber security in the nuclear sector will be reviewed to determine best practices for improving nuclear safety and cyber resilience.