"As a relatively young field, national cyber security policy has been open to speculation about potential threats. However, in 2011, network operators have accumulated enough experience and data from real world attacks to draw a more realistic picture of the threats facing critical infrastructures. This paper will examine the history of cyber security incidents at nuclear facilities to assess the extent to which recorded vulnerabilities pose an 'epic' threat. Specifically, it will examine three cyber incidents that occurred at U.S. nuclear facilities between 2003 and 2008. It will then turn to details of the 2010 Stuxnet attack against the Iranian nuclear program to outline similarities with the three U.S. incidents. The lessons from these four incidents suggest that situational awareness and other security measures are too weak in their current state to guarantee that a catastrophic attack will never happen. However, it will also argue that launching a catastrophic attack is not simple and requires a sophisticated adversary. The article will then turn to gaps in nuclear regulation that policy makers should consider when formulating cyber security policies, not only for nuclear facilities, but for other critical infrastructures."
Naval Postgraduate School, Center for Contemporary Conflict: http://www.ccc.nps.navy.mil/
Strategic Insights (Spring 2011), v.10 no.1