Since the late 1990s, the U.S. Government has designated parts of our infrastructure as “critical,” meaning that attacks on such sectors could cause catastrophic damage. There are now a total of sixteen sectors that are considered critical infrastructure. And of late, cyber espionage has emerged as a potentially pernicious threat to this infrastructure, made apparent to lawmakers only in 2007 as a result of a simulated cyber attack on the power grid called “Aurora.”
As “Aurora” demonstrated, action is required to ensure that all critical infrastructure sectors actively update their cybersecurity both in terms of behavior and physical protection. As it is now, regulatory organizations and individual private companies are the only ones tasked with protecting our infrastructure. The Federal Government has done little to incentivize progress. While Congress can be a catalyst in reducing our cyber insecurity, they are not the ultimate deciders on this issue. About 85% of our critical infrastructure is controlled by the private sector. In order to preserve innovation and autonomy in industry, the government must simply provide tools and incentives for ensuring national security. They need to enable industry to take ownership of security. Even in today’s political climate, policymakers must cooperate to incentivize the private sector. Beyond that, to cope with fiscal constraints they must prioritize securing the most vulnerable and potentially damaging sectors.
The security of our nuclear facilities, including our nuclear power plants, research reactors and nuclear waste repositories, should be a high priority. It only takes one successful hack of the command and control of one of these plants to cause a nuclear disaster on par with Fukushima or Chernobyl. There have already been many attempted cyber attacks on all of these facilities. The long-lasting effects from nuclear plant failures exceed the capability of even the most coordinated emergency response to mitigate. What’s more, you can imagine the potential impact a cyber attack on a nuclear facility would have on the American psyche.
To put the issue in perspective, 37 states are home to nuclear power plants or research reactors. Even more troubling is that research reactors, usually associated with institutes of higher education, are often located in highly populated areas.
The potential consequences deserve a concerted effort to invest in the security and safety of our nuclear material. While President Obama has made significant strides in securing nuclear material both here and around the world, the Y-12 break-in highlighted the glaring weaknesses in our own system.
The threats of the past and the threats of the future can no longer be viewed dichotomously. The sheer costs of cleaning up such a catastrophe in addition to the loss of confidence in the American infrastructure would be disastrous. We can’t afford not to prepare for this contingency. For the good of the nation, the Federal Government needs to further incentivize private contractors managing nuclear facilities to invest in cybersecurity. The U.S. should be a pioneer in creating a culture where effective network protection is expected and demanded, by our legislators and by our people.