The tests are planned for later this year and, according to unnamed government sources quoted by UK newspaper The Guardian, constitute “prudent planning” rather than a response to knowledge of an imminent threat.
The sources reportedly said the exercises will “give us the ability to test these systems, and make sure that we learn any lessons” through simulated cyber attacks.
British Prime Minister David Cameron is in the US this week attending a 50-nation nuclear security summit.
Richard Brown, director for EMEA Channels & Alliances at cybersecurity firm Arbor Networks, commented on technology news website ITProPortal that “A proactive approach to security is the best form of defence, with people and analytics tools being used to actively search for threats, instead of waiting for an event to take place.
“Any test that focuses organizations on their incident handling processes and communications is a good thing,” he added, “as the more these are used and tested the better our people and processes – and thus our defensive capabilities – become.”
In October a report from UK thinktank Chatham House found [previous article] that most nations’ nuclear infrastructure is not well-prepared for the consequences of a cyber attack on a nuclear facility. According to the report, the risks include aging nuclear infrastructure, insecure design, increasing conversion to digital systems, and the growing use of commercial software at nuclear power installations without taking steps to boost its security.
Cybersecurity firm Guardtime won a contract in December [previous article] to protect the UK’s nuclear power plants, grid and flood defence systems from cyber attacks. The firm said it would address the concerns raised in the Chatham House report.