Presentation is loading. Please wait.

Presentation is loading. Please wait.

IAEA International Atomic Energy Agency IAEA Nuclear Security Programme Enhancing cybersecurity in nuclear infrastructure TWG-NPPIC – IAEA May 09 – A.

Published byMerilyn Morrison Modified over 8 years ago

Similar presentations

Presentation on theme: "IAEA International Atomic Energy Agency IAEA Nuclear Security Programme Enhancing cybersecurity in nuclear infrastructure TWG-NPPIC – IAEA May 09 – A."— Presentation transcript:

1 IAEA International Atomic Energy Agency IAEA Nuclear Security Programme Enhancing cybersecurity in nuclear infrastructure TWG-NPPIC – IAEA May 09 – A. Cavina (IAEA-NSNS)

2 IAEA IAEA and Nuclear Security Office of Nuclear Security was created (2002) to address the urgent threats posed by the changing geopolitical situation The Nuclear Security programme has been one of the fastest growing programmes in the IAEA Current budget €15-20m/year Focus on prevention, detection and response to malicious acts (sabotage, insider threat, theft...) About 50 staff

3 IAEA Interplay within Nuclear Security NUCLEAR SECURITY FRAMEWORK Conventions Laws & regulations Regulatory bodies Law enforcement Threat assessment Accounting and control Guidance Prevention Detection/response Coordination Security culture TARGETS Nuclear weapons Nuclear material Radioactive material Nuclear facilities Transports Transits Technology Cyberspace Sensitive information THREATS Terrorists Criminal organizations Non-state factions

4 IAEA IAEA - Improving Nuclear Security Promoting international instruments and their implementation Developing recommendations and guidelines Providing evaluation and advisory services Providing education and training – human resource development Providing technical improvements and upgrades Coordinating Member States and the global effort towards Nuclear Security

5 IAEA Nuclear Security & Cybersecurity Cyber is a relative newcomer in an established culture of (physical) security Two documents in the Nuclear Security Series (to be published 2009, available in draft version) A series of training courses on offer, from awareness to technical issues A pilot Security Assessment Service at facilities Coordination & cooperation with national authorities (regulators & operators)

6 IAEA Computer Security at Nuclear Facilities The history: Work started in 2003!! Has been the object of 4 CMs and 1 TM Has been widely reviewed Will be published later in 2009 Computer Security at Nuclear Facilities

7 IAEA Why an IAEA CompSec document? Global reasons: Attackers focus on critical infrastructure (existing examples of sabotage / extortion), new attention to SCADA systems as targets Relevant legislation and regulations of the field are lagging behind Not all national infrastructures have recognized and standardized the issue Existing international guidance is not industry specific and fails to capture some of the key issues No existing IAEA document specifically addresses the field

8 IAEA Why an IAEA CompSec document? Technological reasons: Increased presence of digital I&C systems in the design of new (and old) NPPs and the corresponding introduction of new and unknown vulnerabilities Increased interconnection and reliance of Physical Protection systems on computerized systems (alarms, access control,...) Increased request for connection of Extranet, Intranet (Business) and Control networks

9 IAEA Approaches: Responsibilities Ensuring continuity and thoroughness in the implementation of security through levels of resp. Connecting the levels and the relevant expertise Regulating cybersecurity in all critical infrastructure

10 IAEA App. II: Threat identification Threats of either stand alone attacks or coordinated attacks including the use of computer systems should be incorporated into DBT (Design Basis Threat) scenarios An adequate process of intelligence gathering is required to ensure the completeness and relevance of each facility’s attacker matrix Likewise sensitive assets and their vulnerabilities should be identified and assessed

11 IAEA App. III: People issue No technological solution will replace the security provided by well trained personnel Security awareness should start at the very highest level  Direct reporting lines for Security responsibilities!

12 IAEA GRADED APPROACH TO COMPUTER SECURITY The security of CS to be based on a graded approach The assignment of CS to different levels and zones should be based on their relevance to safety and security The risk assessment process should be allowed to feed back into and influence the graded approach

13 IAEA Special considerations for Nuclear Facilities Facility lifetime phases and modes of operation Differences between IT systems and control systems Demand for additional connectivity and related consequences Considerations on software updates/patching Secure design and specifications for computer Systems. Third party/vendor access control procedure

14 IAEA With many thanks... Andrea Cavina Office of Nuclear Security International Atomic Energy Agency A.Cavina@iaea.org +43-1-2600-26637 http://www-ns.iaea.org/security/

Download ppt "IAEA International Atomic Energy Agency IAEA Nuclear Security Programme Enhancing cybersecurity in nuclear infrastructure TWG-NPPIC – IAEA May 09 – A."

Similar presentations

Department of Homeland Security Site Assistance Visit (SAV)

Department of Homeland Security Site Assistance Visit (SAV)
IAEA International Atomic Energy Agency Introductions; Objectives and Scope of the Course Tr aining course on Authorization and Inspection of Uranium Mining.

IAEA International Atomic Energy Agency Introductions; Objectives and Scope of the Course Tr aining course on Authorization and Inspection of Uranium Mining.
Khammar Mrabit Director Office of Nuclear Security

Khammar Mrabit Director Office of Nuclear Security
IAEA 1 The IAEA has revised the 1996 Safety Standards 50-C/SG-Q: QA Requirements and Safety Guides Published in 1996 Promotes structure: –Management –Performance.

IAEA 1 The IAEA has revised the 1996 Safety Standards 50-C/SG-Q: QA Requirements and Safety Guides Published in 1996 Promotes structure: –Management –Performance.
Pakistan Nuclear Regulatory Authority

Pakistan Nuclear Regulatory Authority
In-depth look at ISACS 05.20 Stockpile Management: Weapons Photo: MAG.

In-depth look at ISACS Stockpile Management: Weapons Photo: MAG.
IAEA International Atomic Energy Agency. IAEA Outline Learning objectives Introduction Functions of Regulatory Body (RB) on EPR Appraisal guidance: Part.

IAEA International Atomic Energy Agency. IAEA Outline Learning objectives Introduction Functions of Regulatory Body (RB) on EPR Appraisal guidance: Part.
Alexander Brandl ERHS 561 Emergency Response Environmental and Radiological Health Sciences.

Alexander Brandl ERHS 561 Emergency Response Environmental and Radiological Health Sciences.
National Protection and Programs Directorate Department of Homeland Security The Office of Infrastructure Protection Cybersecurity Brief [Date of presentation]

National Protection and Programs Directorate Department of Homeland Security The Office of Infrastructure Protection Cybersecurity Brief [Date of presentation]
Smart Grid - Cyber Security Small Rural Electric George Gamble Black & Veatch

Smart Grid - Cyber Security Small Rural Electric George Gamble Black & Veatch
1 Regulatory Challenges During and Following a Major Safety or Security Event Muhammad Iqbal Pakistan Nuclear Regulatory Authority Presentation at General.

1 Regulatory Challenges During and Following a Major Safety or Security Event Muhammad Iqbal Pakistan Nuclear Regulatory Authority Presentation at General.
UK Office for Security & Counter Terrorism Future threats and the potential role of the CBRN Action plan in supporting the BTWC Dr Catherine Terry International.

UK Office for Security & Counter Terrorism Future threats and the potential role of the CBRN Action plan in supporting the BTWC Dr Catherine Terry International.
Role of Independent Regulatory Body for Safe Operation of NPPs Zia Hussain Shah Director, Centre for Nuclear Safety Pakistan Nuclear Regulatory Authority.

Role of Independent Regulatory Body for Safe Operation of NPPs Zia Hussain Shah Director, Centre for Nuclear Safety Pakistan Nuclear Regulatory Authority.
Session 3 – Information Security Policies

Session 3 – Information Security Policies
IAEA International Atomic Energy Agency International Cooperation in Nuclear Security David Ek Office of Nuclear Security.

IAEA International Atomic Energy Agency International Cooperation in Nuclear Security David Ek Office of Nuclear Security.
Technical Meeting on Evaluation Methodology for Nuclear Power Infrastructure Development 10-12 December, 2008 Nuclear Safety in Infrastructure Building.

Technical Meeting on Evaluation Methodology for Nuclear Power Infrastructure Development December, 2008 Nuclear Safety in Infrastructure Building.
IAEA International Atomic Energy Agency How do you know how far you have got? How much you still have to do? Are we nearly there yet? What – Who – When.

IAEA International Atomic Energy Agency How do you know how far you have got? How much you still have to do? Are we nearly there yet? What – Who – When.
HOMELAND SECURITY ADVISORY SYSTEM. Established after the terrorist attacks on America September 11, 2001.

HOMELAND SECURITY ADVISORY SYSTEM. Established after the terrorist attacks on America September 11, 2001.
IAEA International Atomic Energy Agency Overview of legal framework Regional Workshop - School for Drafting Regulations 3-14 November 2014 Abdelmadjid.

IAEA International Atomic Energy Agency Overview of legal framework Regional Workshop - School for Drafting Regulations 3-14 November 2014 Abdelmadjid.
LEGAL FRAMEWORK & REGULATORY SYSTEM f or introduction of NPP into Vietnam Le Chi Dung (VARANS, Vietnam) Vienna, 10-12 December 2008.

LEGAL FRAMEWORK & REGULATORY SYSTEM f or introduction of NPP into Vietnam Le Chi Dung (VARANS, Vietnam) Vienna, December 2008.

Similar presentations

Ads by Google