ABU DHABI //Authorities should ensure they are prepared for the possibility of a cyberattack on the country's nuclear reactors once they are built, a leading security expert advises.
Cyberattacks are a threat to every nation, and the UAE is not exempt, said Richard Clarke at the Second Khalifa University Public lecture on Monday night.
Mr Clarke, who worked for three US administrations as a senior White House adviser, said: "I think you have to worry about the potential of people being able to hack their way into any electrical plant.
"In nuclear power plants, of course, it's worse because the reaction could be a nuclear meltdown."
Four nuclear energy reactors are planned for construction in Abu Dhabi, with the first one to be connected to the emirate's grid by 2017.
Mr Clarke said it was important that the new reactors have a unique operating system - "supervisory control and data acquisition", also known as Scada. The system should be unique and known only to a few people.
A unique Scada system ensures that even if a plant is successfully breached by a hacker, that attacker will still not be able to decipher the internal system.
"Abu Dhabi may want to think about it as they move down the road to installing four nuclear power reactors," he told the audience.
"In the wake of what happened in Japan, people ask if [nuclear power plants] are safe.
"The Scada systems that run nuclear power plants are the same as those that run conventional power plants.
"Is it possible to hack into a nuclear power plant? I think the answer is yes," he added.
A computer worm shut down a US power plant in 2003.
"It was not targeted on any particular system," Mr Clarke said. "It got into the control system of the nuclear power plant in Ohio and shut down the power plant."
Closer to the UAE, last July aworm called Stuxnet infiltrated an Iranian uranium enrichment programme, which was a closed network.
The infiltrating program confirmed to itself it was in the right system and communicated with specific motors running the centrifuges.
"This cyberattack was a precision attack that went after one particular target," he said.
The attack caused the centrifuges to spin at the wrong rate, damaging the uranium fuel rods and slowing down Iran's nuclear programme by at least a year.
"It is an extremely sophisticated attack," said Mr Clarke, who is the author of Cyber War: the Next Threat to National Security and What to do About it.
Editorial: Abandon nuclear power? That is not an option
Last Updated: Apr 20, 2011PM UAE
Until we can find a feasible alternative to nuclear energy, reducing reliance on one source of energy means that another must take its place.
Now that the worm has been released on the internet, saboteurs can modify it and go after other types of operating systems.
"It could go after, let's say, the Abu Dhabi electric system," he said. "The program can be very easily modified and available throughout the world, but also not only to hackers but to other nation states."
He said possible targets in the UAE were desalination plants, pipelines, oil refineries, ATMs and stock markets.
"All of those things have already been targeted successfully, but in a cyberwar it would be all those things happening intentionally and simultaneously," Mr Clarke said.
The solution he said, would be a completely closed network, and one that used cloud computing to share information. In that case, if one system is compromised, the remaining ones are left intact.
He also suggested local internet service providers could search for bugs online and destroy them, something that was not currently happening.
"There are hundreds of attacks a day but it's quiet - nothing explodes, people don't die - and therefore governments are not driven or forced to address the problem. Very little fundamentally has been done to address it."
