In nuclear power plants there are large security measures. We are not talking about simple alarm systems to act quickly in the event of a system failure, but more important aspects such as depressurization of the core or its cooling.
However, the cyber and technological security of nuclear power plants in Spain is virtually unknown. At a time when the Internet is so present (and there are so many cyber attacks on large companies), many people wonder if it would be possible to cyber attack a nuclear power plant, with the dire consequences that this could have.
Can you cyber attack a nuclear power plant?
Different security experts claim that it could be possible, although very complicated and unlikely.
The administrative and management computer systems in a nuclear power plant are physically and digitally separated from those in charge of operations. For this to be the case, the management network must be independent of the operating systems. This means that the operational part of a plant cannot be accessed through computer systems, since they are completely disconnected.
The administrative management of the plant is connected to the Internet, so it could be the object of a cyberattack, although the work of the plant itself would not be affected.
There are certain control systems that are based on digital technologies and are responsible for the support systems for the operation of the plant. However, these types of systems are isolated from the networks and only send data abroad.
Internet connection is limited and limited
But this separation is not the only security measure related to the Internet. In the vast majority of exchanges, the WiFi connection is restricted and external suppliers and companies are required to comply with a series of digital security controls and measures that limit the exposure of the assets of a nuclear power plant to possible external attacks.
Being critical infrastructure, the safety of nuclear power plants is supported by the Government. This is the CERT of Security and Industry (CERTSI_), or the Capacity for Response to Information Security incidents of the Ministry of Industry, Energy and Tourism and the Ministry of Interior and competent body in the prevention, mitigation and response to cyber incidents , both for companies and citizens and operators of critical infrastructure.
The digital security of critical infrastructures is regulated at European and national level.
In 2008, Directive 2008/114 / EC was approved to identify and designate European Critical Infrastructures (ICE). This directive proposed an approach to improve the protection of this type of infrastructure.
A critical infrastructure is an essential element or system for the maintenance of vital social functions, health, physical integrity, security, and economic or social welfare of a population. Nuclear power plants are of this type.
The replica in our country of this Directive is Royal Decree 704/2011, which establishes the design of the strategy to prevent and protect this type of infrastructure from threats that originate and apply through the technologies of the communication.