Incorporating Cyber Denial And Deception Capabilities Into The Nuclear Energy Domain

While improvements have been made to secure nuclear materials and facilities internationally, the recently published Nuclear Security Index reported this progress has slowed significantly over the past two years. Nearly half of the countries with relevant nuclear facilities have no regulations for cyber security at those facilities. Cyberattacks provide hackers with opportunity to manipulate critical nuclear facility systems and threaten to undermine international cooperation and nuclear diplomacy. Digital deception, or the dissemination of deliberately misleading information online, can be propagated in a variety of ways including microtargeting, bots, and deep fakes. False information, passed off as factual, has the potential to threaten nuclear security which has relied upon a “trust but verify” mantra. Traditional defense-in-depth strategies are not suited to counter today’s information warfare campaigns where human vulnerabilities can be exploited. Sophisticated, well-organized attackers (i.e., the advanced persistent threat) continue to bypass traditional defense mechanisms. Unconventional and active defense security techniques are required. This paper will define the 4D threat, explore strategies to counter the risks, and propose new models for incorporating cyber denial and deception capabilities into the nuclear enterprise.