According to the Chatham House, many plants aren't "air gapped" from the Internet. An "air gapped" computer is one that has no remote connections. Because many nuclear control systems aren't air gapped, hackers could potentially get into nuclear plants' internal systems remotely.
Even if they were air gapped, though, the researchers found that hackers could easily bypass security measures by bringing in portable media, like a thumb drive, to infect the nuclear plant with malware. That's the same way the damaging Stuxnet virus likely got on the computers controlling the Iranian nuclear centrifuges.
Worse, the cybersecurity experts at nuclear facilities don't communicate well with the workers running the facility. The Chatham House researchers say there are different corporate cultures within facilities, where they each do their own jobs and don't share potentially lifesaving information with each other.
Some cybersecurity people also take a reactive stance on security, rather than a proactive one. They're sometimes ready to fix a problem, like hacking, after it's already happened and caused damage. However, the researchers said that many nuclear security experts don't even have systems in place to alert them when a hack is occurring.
The potential threat of hackers attacking nuclear power facilities is scary, but what's worse is the researchers say there isn't much anyone can do about it, yet. What needs to change is the corporate culture within these facilities, where cybersecurity experts are compelled to be proactive, and to share information with the plants' employees. The findings of the Chatham House researchers hopefully are the first step in doing that.
A major cyberattack on America's infrastructure is almost a certainty. Find out how you can start preparing now so you and your family get through it OK.