The risk of a serious cyber attack on civil nuclear power plants is increasing, according to a study from policy institute Chatham House.
The report, Cyber security at civil nuclear facilities: understanding the risks, says the growing reliance on digital systems and use of commercial "on-the-shelf" software leave nuclear power plants increasingly vulnerable.
The study, which examined the range of potential cyber threats to nuclear installations, also found a lack of awareness of risks among senior executives. It warns that the industry is mistaken in believing nuclear facilities are protected from cyber attack because they are "air gapped" - isolated from the public internet.
"Not only can air gaps be breached with nothing more than a flash drive, but the commercial benefits of internet connectivity mean that nuclear facilities may now have virtual private networks and other connections installed, sometimes undocumented or forgotten by contractors and other legitimate third-party operators," says the report.
Most nuclear workers also lack training in spotting and combating potential attacks which, combined with communication breakdowns between engineers and security personnel, leaves staff with little understanding of key cyber security procedures, the study found.
Recommendations to boost security at civil nuclear sites include developing guidelines to measure cyber risk in the industry, such as through an integrated risk assessment that takes into account security and safety measures, and promoting good IT hygiene, such as forbidding the use of personal devices.