Monday, December 21, 2015 by Greg White
Nuclear power plants have always been a target for terrorists, particularly as a means of cyber-warfare. According to a report released in October, however, the civil infrastructure in most nations is not well prepared to defend against such attacks. In an effort to mitigate these threats, security specialist Guardtime has been given the task of protecting the UK’s nuclear power stations, flood defense systems and electricity grid, using hash-function cryptography.
The UK infrastructure deal is in collaboration with Future Cities Catapult, a government supported center for the advancement of smart cities. The threat of cyberattacks has increased at nuclear facilities, as they become more reliant on digital systems and off-the-shelf software. Future Cities Catapult is fighting fire with fire by using blockchain systems, an enormous database that runs across a global network of computers, to keep cyberattacks at bay.
Blockchain systems identify and remove noted points of attack by disseminating the fixity of data over credible, private network validators, or questionable public ones consisting of many nodes like Bitcoin. Guardtime had actually been working on providing solutions to blockchain-like security before Bitcoin made its way onto the scene.(1)
In other words, the Blockchain system is breaking dogma harbored by the nuclear industry, which believes that nuclear power plants are invulnerable to cyberattacks because they are disconnected from public internet. This myth was called out for bluff by the think tank Chatham House in their recent report. In actuality, the chasm between public internet and nuclear systems can easily be bridged with a simple hard drive.(2)
Furthermore, researchers of the study found that many engineers bring their personal computers into work to manage computer systems. In addition, digital back doors are becoming increasingly common as companies use more monitoring systems. Finally, weak passwords susceptible to hacking, like “1234,” are being used on a wide range of computer systems that control critical systems in power plants.
“Cyber security is still new to many in the nuclear industry,” Caroline Baylon, an author of the report, told the Financial Times. “They are really good at safety and, after 9/11, they’ve got really good at physical security. But they have barely grappled with cyber.”(2)
Matthew Johnson, chief technology officer of Guardtime, claims that these industrial applications are to guarantee that management, control platforms and networks for nuclear power sub-systems are stable. According to Johnson:
“We can continuously monitor the integrity of the control platform so that operators who have access to management software see a picture of the system as true and correct against an approved configuration baseline, that there is an absence of compromise or malware in the software applications and configuration data responsible for operations.”(1)
He says the technology is intended to thwart accidents like the explosion at the Natanz in Iran from happening in the UK. Guardtime constructed Keyless Signature Infrastructure (KSI), which were hammered into an industrial blockchain. The KSI notices all data throughout the system, which enables independent verification of time, place and genuineness for any instant in history.
Dr Catherine Mulligan, head of Digital Strategy and Economics at Future Cities Catapult, explained in a statement: “Guardtime’s unique permissioned blockchain approach to large scale system integrity has tremendous potential to enhance the security of UK critical infrastructure and we are excited to work with the Guardtime team to build solutions that will play a key part in the government’s industrial strategy and showcase to the world how cities can be smarter in the future.”(1)
The statement went on to note that officials will address many of the security concerns highlighted in the report published by Chatham House. The nuclear industry is in a “culture of denial” about the reality of cyberattacks, which has caused many power plants to fail to protect themselves against digital attacks.(1)