The probability of a catastrophic event in a modern nuclear plant is vanishingly low. Even the overworked ancient plants from the 60's and 70's we are currently running are exceedingly safe.
People will rather take constant death from coal power than risk a low-probability event.
Yeah, but we have multiple catastrophes already, despite the vanishingly small number of nuclear plants. If we want to increase the number of nuclear stations by 10x, we need to make them 10x safer just to keep the number of catastrophes at the same 1/30y level. Do you have an idea how to make a nuclear plant 10x safer compared to today?
There are 1) known reasons for known catastrophes, so we can protect against them, 2) unknown reasons for known catastrophes, so we need to make a guess, and 3) unknown reasons for unknown catastrophes, which have not happened yet, including a state-sponsored attack on a nuclear plant. We cannot be prepared for unknown unknowns, so we need to plan for the worst-case scenario. The worst-case scenario for a nuclear plant is a continent-scale Red Forest (about 1M Chornobyl's).
Do you know how to reduce a continent-scale threat to just the size of a nation or a town?
Nuclear fusion or LENR can do that, because of the small amount of radioactive materials and no positive coefficient by design, but how can you do that for massive fission?
We know how to build safer nuclear now than we did 60 years ago when the current gen were mostly built.
Current generation nuclear plants default to off, they need active operation to stay on. If something goes wrong, they automatically, without any intervention by anyone, go offline.
Not sure I would describe a fear of nuclear holocaust as "irrational" - had the Cold War gone hot, Germany would have been very heavily targeted.
Mind you, I'm not saying that justifies the current fear of nuclear power but then again it doesn't really surprise me. Maybe it's just a lingering fear of anything with "nuclear" in the name.
It's not impossible to purpose-build hardened, incompatible, read only systems that can submit telemetry to the outside world while only providing actual control on-site (or via restricted channels). Stuxnet wouldn't have happened (or would have been a very rare event) if they built their system this way.
Stuxnet happened despite being air-gapped. Regardless, I am confident you can place physical safeguards that could not lead to nuclear emissions even in the event of loss of control over the computer systems.
It happened despite being air-gapped, because they used general purpose hardware and software. If their systems were built on purposely incompatible hardware and software (as I proposed) and could mainly communicate using a serial console, the attack surface would be much, much lower, and the attacks would be much, much harder.
Having worked for a short stint with some power plant control systems, I can say that, at least the systems I worked with, were quite niche. The actual control was happening on these racks that ran a VxWorks OS on some Motorola, I think they were, MCUs. Despite this, the systems were interfaced with some Windows machines that did supervision. When they were operating, they had redundancies, and were quite locked down. Of course, at that time, I was a noob and did not understand _everything_ that was going on in there.
Actually, now that I think of it, the WDPF system it was derived from was used in some nuclear power plants as well.
Regardless, what I wanted to say was... being obscure, while it makes things mildly harder for skiddies, is not a big deal for state actors or more resourceful attackers. Stuxnet was highly targeted and they got access to specific vulnerabilities in the Siemens DCS systems that were running there. Just having exotic systems is no guarantee. I agree, obscurity is a layer of defense in depth, but no guarantee. Surely you don't suggest they use new purpose-built HW for each control system design. Also, control systems DO need to have their SW updated as well. It's obvious you can't make it hard read-only. You do have physical lockout mechanisms for this though.