7 Ways to cyber-secure a nuclear power plant

The first indication that something was amiss came at 9 a.m. on Saturday, January 25, 2003. Workers at the Davis-Besse nuclear power plant, in Ohio, noticed a slowdown in applications on the corporate WAN. Little did they know a worm called SQL Slammer was hammering the network. And things were about to get worse. By 4 p.m. the malware had gotten into the systems used to control the reactor. The Safety Parameter Display System, which tells operators about the state of the plant, blinked off at 4:50 p.m. Twenty-three minutes later the Davis-Besse Plant Process Computer crashed. Fortunately, the reactor itself was offline for repairs. It took several hours to restore the systems.  See also: Why CFOs should spend more on cybersecurity An isolated case? Sadly not. Davis-Besse was one of the first cyber-related events suffered by a nuclear power plant, but is not the only one. Although firm numbers are hard to come by, nuclear plants around the world have suffered at least half a dozen significant IT breaches in recent years. These include the Stuxnet malware that targeted and damaged a fifth of the nuclear centrifuges in Iran and a hacker who stole plant blueprints in Korea.