The nation's unclassified nuclear computer systems are vulnerable to successful cyber attacks because "generic" security contracts don't make it clear who's responsible for keeping an eye on them, federal watchdogs said Tuesday.
The Nuclear Regulatory Commission's cybersecurity center isn't "optimized to protect the agency's network in the current cyber threat environment," the NRC's inspector general office's said. The NRC's classified systems are separate and weren't addressed in the inspector general's report.
The finding comes at a time when the number of reported "computer security incidents" at the NRC is rising at almost twice the rate of the federal government as a whole, it said.
The "incidents" aren't detailed, but the inspector general said they include unauthorized access to unclassified NRC systems, injection of malicious code, "social engineering" attacks to obtain passwords and personal information and unauthorized scans and other access attempts.
