Worldwide, hackers are pursuing nuclear facilities, which are some of the most heavily regulated facilities in Uganda. Nuclear facilities use nuclear technologies during their operations. Despite the safeguards and nuclear security measures, the opportunities for espionage and much worse have them alluring to hackers.
In Uganda, nuclear technology applications are used in practices like medical, industrial, agricultural and research for irradiation, well logging, cargo scanning, radiotherapy, nuclear medicine and nuclear gauging. Such nuclear applications are vulnerable to cyber hacking and espionage threats.
The recent cyber-attacks on critical infrastructure in various countries, including a ransomware attack on Düsseldorf University hospital in Germany that caused a patient’s death (BBC News, 2020), have highlighted the risks of cyber threats to public health and safety. The nuclear industry is no exception, as it relies on computer systems and networks for various functions, from controlling medical equipment to managing physical access to areas with radiation sources.
However, the security of these systems is not always guaranteed, as hackers and spies can exploit vulnerabilities and weaknesses to steal sensitive data, sabotage operations, or cause nuclear accidents. For instance, a cyber-attack on a radiotherapy machine could change its settings and harm patients, or a theft of nuclear material could lead to its illicit use by terrorists or rogue states leading to catastrophic consequences.
Therefore, it is crucial for the nuclear industry in Uganda, as well as other countries, to strengthen their cyber security measures and practices. This includes investing in secure networks, access controls, encryption, backups, testing, and continuous training of staff and stakeholders about the imminent cyber threat. It also involves collaborating with government agencies, regulators, and international organizations to share information and expertise on emerging threats and best practices.
Atomic Energy Council (AEC), which has the responsibility to regulate and monitor the use of radiation sources in the country, recognized the importance of cyber security and is working on improving its regulatory framework and monitoring systems to ensure that appropriate security measures are in place by facilities to prevent unauthorized access and potential cyber threats to operational technology (OT) and informational technology (IT) systems.
The current legislative regime to regulate the safe and secure use of nuclear technologies includes the Atomic Energy Act No. 24 (2008) and the Atomic Energy (Security of Radioactive Materials) Regulations (2021). While the legislative regime for the ICT sector includes the Uganda Computer Misuse (Amendment) Act (2022) and the National Information Security Framework (NISF) (2014). These laws do not directly address the cyber security requirements for the nuclear industry as recommended by the International Atomic Energy Agency (IAEA) safety and security standards (Nuclear Security Series No.42 G, 2021). AEC is in the process of developing a national regulation on cyber security in the nuclear industry.
In conclusion, Uganda’s nuclear industry is vulnerable to cyber hacking and espionage threats that require urgent and concerted actions to mitigate and prevent. The government agencies, the private sector and international organizations must work together to ensure the safety, security, and resilience of the nuclear industry and its users, and to protect public health and the environment from the dangers of ionizing radiation as a result of cyber threats.
