6 Apr 2016

Nuclear Security Summit addresses cyberthreats

The final day of the Nuclear Security Summit was dominated by discussions of potential threats to nuclear facilities from the Islamic State group, but President Barack Obama also took the opportunity to talk about cooperation among more than 50 other countries in protecting such facilities from cyberattacks.


"Fifteen new centers have been created around the world to promote nuclear security technologies and training, to share best practices," Obama said during a press conference on April 1. "And as part of our work today, we agreed to keep strengthening our nuclear facilities' defenses against cyberattacks."

He kicked off the summit by highlighting the fact that the threat from the Islamic State continues to evolve, though experts are skeptical about whether the organization is capable of carrying out attacks on critical infrastructure or nuclear facilities.

During the summit, the administration held a "scenario-based policy discussion" with heads of states to address the threats posed by Islamic State. Some of the threats also tie into critical infrastructure, an attack on which could cut off water or electricity to millions as people. An electricity outage in Ukraine last December is believed to be the first time power stations were disrupted via a cyberattack.

"At the end of the day, ISIS is going to strike symbolic targets such as what we saw in Paris and what we saw in Brussels, and nuclear facilities are highly symbolic targets," Aki Peritz, vice president of the Center for Intelligence Policy, told FCW. "But the idea that they can destroy a nuclear facility seems very complicated, and it seems much easier to attack a subway than to attack a nuclear facility."


During an Iowa State University roundtable discussion last week, Assistant Attorney General John Carlin said the threat that terrorist groups pose to critical infrastructure is real, and it is "a matter of time before they acquire some of the capability they are after."

But Peritz said Islamic State might not have enough knowledge to attack critical infrastructure because it likely would have done something by now if it could have. Furthermore, "terrorism is oftentimes theater, and the point is to terrorize," he added. "So of course they can try, but nobody is going to die because an electrical generator failed."

However, experts caution that efforts to secure critical infrastructure must consider all the angles.

For instance, "China has outlined building critical infrastructure technology that could be 'secure and controllable,' which essentially means they could allow backdoors in it," Sarah Granger, a fellow at the Truman National Security Project, told FCW. "This is concerning because any access point in any system creates a weakness, and adding additional means of access would weaken systems further. Critical infrastructure is too important to allow for that possibility."

The Department of Homeland Security continues to provide alerts to infrastructure providers and others to prevent cyberattacks against critical infrastructure.

fcw