Reframing the narrative on nuclear weapons: Insights & Findings Report

Reframing the narrative on nuclear weapons: Insights & Findings Report

This new publication represents 14 months of investigation into how future nuclear weapons policy can be more relevant to the concerns and security of the next generation. Our aim has been to explore this by engaging new perspectives within the next generation of policy shapers, those with ideas unstructured by Cold War experiences, but nevertheless motivated to take action to move beyond the legacies from past generations, focused on future decisions over global policy challenges. We used a variety of tools, including focus groups, systems mapping, and expert roundtable discussions utilising different frames of reference and disciplines for comparison.

We hope this report serves as a point of departure in developing innovative ideas to engage new people within the next generation of policy shapers in the interests of furthering nuclear non-proliferation and disarmament. We would like to thank the William and Flora Hewlett Foundation for their foresight in funding this project with the expressed purpose of stimulating new ways of thinking and working in this field.

Read the full report here

 

Report finds many nuclear power plant systems “insecure by design”

A study of the information security measures at civilian nuclear energy facilities around the world found a wide range of problems at many facilities that could leave them vulnerable to attacks on industrial control systems—potentially causing interruptions in electrical power or even damage to the reactors themselves.

The study, undertaken by Caroline Baylon, David Livingstone, and Roger Brunt of the UK international affairs think tank Chatham House, found that many nuclear power plants’ systems were “insecure by design” and vulnerable to attacks that could have wide-ranging impacts in the physical world—including the disruption of the electrical power grid and the release of “significant quantities of ionizing radiation.” It would not require an attack with the sophistication of Stuxnet to do significant damage, the researchers suggested, based on the poor security present at many plants and the track record of incidents already caused by software.

The researchers found that many nuclear power plant systems were not “air gapped” from the Internet and that they had virtual private network access that operators were “sometimes unaware of.” And in facilities that did have physical partitioning from the Internet, those measures could be circumvented with a flash drive or other portable media introduced into their onsite network—something that would be entirely too simple given the security posture of many civilian nuclear operators. The use of personal devices on plant networks and other gaps in security could easily introduce malware into nuclear plants’ networks, the researchers warned.
The security strategies of many operators examined in the report were “reactive rather than proactive,” the Chatham House researchers noted, meaning that there was little in the way of monitoring of systems for anomalies that might warn of a cyber-attack on a facility. An attack could be well underway before it was detected. And because of poor training around information security, the people responsible for operating the plants would likely not know what to do.

That problem is heightened by what the researchers characterized as a “communication breakdown” between IT security professionals and the plant operations staff, and a simple lack of awareness among plant operations people about the potential dangers of cyber-attacks. Cultural differences between IT and nuclear engineering culture cause friction at some facilities, in fact—making it difficult for IT and security staff to get across the problem with the poor security practices in the plants.

Unfortunately, there’s no way to tell how bad the problem really is, because the nuclear industry doesn’t talk about breaches.

“The infrequency of cyber security incident disclosure at nuclear facilities makes it difficult to assess the true extent of the problem and may lead nuclear industry personnel to believe that there are few incidents,” the researchers wrote in their summary. ”Moreover, limited collaboration with other industries or information-sharing means that the nuclear industry tends not to learn from other industries that are more advanced in this field.”

These issues, combined with a lack of regulation, may lead to an underestimation of risk by nuclear operators and result in a lack of budgeting or planning for reducing the risk of attack. More

 

UN Calls for Israel to ‘Renounce Nuclear Weapons

The United Nations General Assembly overwhelmingly passed a resolution on Tuesday demanding that Israel “renounce possession of nuclear weapons” and open its arms to global regulation.

The measure, which is non-binding, was approved 161 to 5, with the United States, Canada, Palau, Micronesia, and Israel voting “no” and 18 countries abstaining.

Israel is the only Middle Eastern country that refuses to sign the Treaty on the Non-Proliferation of Nuclear Weapons, with India, Pakistan, and North Korea also declining.

While Israel does not publicly acknowledge its nuclear arsenal, its existence is widely known. A reportreleased by the Stockholm International Peace Research Institute this summer found that Israel unlawfully owns 80 nuclear warheads, making it the only Middle Eastern nuclear power.

Introduced by Egypt, the resolution calls for Israel to “accede to [the non-proliferation treaty] without further delay, not to develop, produce test or otherwise acquire nuclear weapons, to renounce possession of nuclear weapons.” It also urges the state to subject itself to regulation by the International Atomic Energy Agency of the UN. More