When the Nuclear Threat Initiative (NTI) began tracking nuclear security conditions worldwide in 2012, there were 32 countries with one kilogram or more of weapons-usable nuclear materials, down from more than 50 in the 1990s. The 2018 edition of the NTI index, released today, features just 22 such countries, and although four of them - India, North Korea, Pakistan and Britain - have increased their quantities of weapons-usable nuclear materials since 2016, six have taken steps to reduce them.

The ranking, developed by the NTI and the Economist Intelligence Unit in conjunction with international nuclear security experts, also assesses the risk of theft of such materials (21 of the 22 countries have seen an improvement), and of sabotage in 45 countries with nuclear facilities. Of these, it finds that 78% have improved their sabotage ranking scores in the past six years.

However, one area where the NTI finds more room for improvement is cyber-security. Like all critical infrastructure, nuclear facilities are not immune to cyber-attack, and the twin risks of sabotage and theft as a consequence of a breach leave the sector especially exposed. The pace of cyber-attacks, including those involving nuclear facilities, has accelerated in recent years. In 2016 there were three publicly known cyber-attacks or attempts on information systems at nuclear facilities: at the University of Toyama’s Hydrogen Isotope Research Centre in Japan; at the Gundremmingen Nuclear Power Plant in Germany; and, in the United States, one incident that affected both the Nuclear Regulatory Commission and the Department of Energy, which oversees America's nuclear weapons programme. And in 2017, the Wolf Creek Nuclear Station in Kansas had its business systems compromised in a series of attacks targeting the energy sector.

According to the NTI, government authorities and facility operators are struggling to keep pace with this new threat, and national and international guidance is still evolving. It recommends a combination of technology and expertise to mitigate these risks, and the sharing of threat information among governments.