Presentation is loading. Please wait.

Presentation is loading. Please wait.

Khammar Mrabit Director Office of Nuclear Security

Published byLillian Keyes Modified over 9 years ago

Similar presentations

Presentation on theme: "Khammar Mrabit Director Office of Nuclear Security"— Presentation transcript:

1 Khammar Mrabit Director Office of Nuclear Security
IAEA Office of Nuclear Security’s Initiatives in Cyber and Information Security Khammar Mrabit Director Office of Nuclear Security

2 IAEA Role Ministerial Declaration
We, Ministers of the Member States of the International Atomic Energy Agency (IAEA),...: Recognize the IAEA’s efforts to raise awareness of the growing threat of cyber-attacks and their potential impact on nuclear security, and encourage the IAEA to make further efforts to foster international cooperation and to assist States, upon request, in this area through the establishment of appropriate guidance and by providing for its application. 2

3 Computer and Information Security
The Computer and Information Security programme is focused on preventing computer acts that could directly or indirectly lead to: unauthorized removal of nuclear/other radioactive material sabotage against nuclear material or nuclear facilities theft of nuclear sensitive information . 3

4 Mobile Computing Devices
New Targets Mobile Computing Devices Control and Instrumentation System 4

5 International Instruments
FUNDAMENTAL PRINCIPLE G: Threat The State’s PP should be based on the State’s current evaluation of the threat. FUNDAMENTAL PRINCIPLE I: Defence in Depth The State’s requirements PP should reflect a concept of several layers and methods of protection (structural or other technical, personnel and organizational) that have to be overcome or circumvented by an adversary in order to achieve his objectives. FUNDAMENTAL PRINCIPLE L: Confidentiality The State should establish requirements for protecting the confidentiality of information, the unauthorized disclosure of which could compromise the physical protection of nuclear material and nuclear facilities. 5

6 International Instruments
Protection of computer systems associated with Other Radioactive Materials Such systems may include: Inventory systems/records Physical access control Security monitoring Operational Calibration Boarder monitoring 6

7 Nuclear Security Fundamentals (NSS 20)
Provide for the establishment of regulations and requirements for protecting the confidentiality of sensitive information and for protecting sensitive information assets; Ensuring through appropriate arrangements that sensitive information or other information exchanged in confidence is adequately and appropriately protected. Routinely performing assurance activities to identify and address issues and factors that may affect the capacity to provide adequate nuclear security, including cyber security, at all times. 7

8 Current Technical Guidance
NSS17 Computer Security at Nuclear Facilities The objective of the document is to provide guidelines to personnel designing, implementing, and managing Instrumentation and Control (I&C) and Information systems and networks at nuclear facilities. The guidance addresses prevention and detection of potential attacks through reference to best practices in architecture, assurance and management of security information and I&C systems. 8

9 Guidance published and in Draft
Fundamentals: NSS No. 20 Objective and Essential Elements of a State’s Nuclear Security Regimeobjectives, concepts, principles Recommendations: NSS No. 13 Nuclear Security Recommendations on Physical Protection of Nuclear Material and Nuclear Facilities (INFCIRC/225/Revision 5) NSS No. 14 Nuclear Security Recommendations on Radioactive Material and Associated Facilities Implementing Guides: NSS XXX Information Security: Protection and Confidentiality of Sensitive Information in Nuclear Security Technical Guidance: NSS 17 Computer Security for Nuclear Facilities Other areas: Conducting Computer Security Assessments; Computer Security of Nuclear I&C Systems; Computer Incident Response 9

10 Proposed Additional Guidance
Nuclear Security Recommendations or Implementing Guide for Computer Security ? Computer Security Systems and Measures for Nuclear Facilities (implementing guide) ? Computer Security Practices for Nuclear Facilities (Technical Guide) ? These documents are designed to build a top to bottom framework to support Member States, Competent Authorities, and nuclear organizations in developing and conducting assurance activities for computer security. The development of these documents will be discussed at the next Nuclear Security Guidance Committee Meeting in October.

11 International Physical Protection Advisory Service (IPPAS)
New Information and Computer Security Review conducted during IPPAS Missions to: Netherlands, Finland, Romania Laboratories in Seibersdorf, Hungary Convergence of Physical Protection and Cyber Security 11

12 Training Activities Training Events
The request for awareness and advanced training by Member States continues to grow. This trend will only continue. Primary Training Courses Basic Information and Computer Security Awareness Conducting Cyber Security Assessments Advanced Course in Information and Computer Security Professional Development Course for Nuclear Security Professionals 2007 2008 2009 2010 2011 2012 2013 2014 Projected Training Events Requests are currently in place for 2014 Estimate a sustained 6-9 courses per year 12

13 2015 Cyber Security Conferences
IAEA International Conference on Cyber Security: “Nuclear Security in a Computer World: Prevention, Detection and Resistance to Emerging Cyber Threats” 8-12 June 2015 13

14 Cyber Security User’s Group
IAEA’s information portal for cyber security 14

15 Questions Thank you 15

Download ppt "Khammar Mrabit Director Office of Nuclear Security"

Similar presentations

Moving the ethical hiring of health workers forward

Moving the ethical hiring of health workers forward
1 Introduction to Safety Management April 2006. 2 Objective The objective of this presentation is to highlight some of the basic elements of Safety Management.

1 Introduction to Safety Management April Objective The objective of this presentation is to highlight some of the basic elements of Safety Management.
Session No. 4 Implementing the State’s Safety Programme Implementing Service Providers SMS 1 1 1.

Session No. 4 Implementing the State’s Safety Programme Implementing Service Providers SMS
HIPAA Security Presentation to The American Hospital Association Dianne Faup Office of HIPAA Standards November 5, 2003.

HIPAA Security Presentation to The American Hospital Association Dianne Faup Office of HIPAA Standards November 5, 2003.
The Implementation Structure DG AGRI, October 2005

The Implementation Structure DG AGRI, October 2005
TEN-T Info Day for AP and MAP Calls 2012 EVALUATION PROCESS AND AWARD CRITERIA Anna Livieratou-Toll TEN-T Executive Agency Senior Policy & Programme Coordinator.

TEN-T Info Day for AP and MAP Calls 2012 EVALUATION PROCESS AND AWARD CRITERIA Anna Livieratou-Toll TEN-T Executive Agency Senior Policy & Programme Coordinator.
Evaluation arrangements in Lithuania 2007-2013 Neringa Jarmalavičiūtė, Evaluation Division, Ministry of Finance of the Republic of Lithuania.

Evaluation arrangements in Lithuania Neringa Jarmalavičiūtė, Evaluation Division, Ministry of Finance of the Republic of Lithuania.
EMS Checklist (ISO model)

EMS Checklist (ISO model)
IAEA International Atomic Energy Agency Introductions; Objectives and Scope of the Course Tr aining course on Authorization and Inspection of Uranium Mining.

IAEA International Atomic Energy Agency Introductions; Objectives and Scope of the Course Tr aining course on Authorization and Inspection of Uranium Mining.
SAI Performance Measurement Framework

SAI Performance Measurement Framework
Privacy Reporting and Investment Certification TRICARE Management Activity HEALTH AFFAIRS 2009 Data Protection Seminar TMA Privacy Office.

Privacy Reporting and Investment Certification TRICARE Management Activity HEALTH AFFAIRS 2009 Data Protection Seminar TMA Privacy Office.
Environmental Management Systems Refresher

Environmental Management Systems Refresher
IAEA International Atomic Energy Agency Session II: The Policy Framework Manase Peter Salema, Director Division for Europe, Department of Technical Cooperation.

IAEA International Atomic Energy Agency Session II: The Policy Framework Manase Peter Salema, Director Division for Europe, Department of Technical Cooperation.
USG INFORMATION SECURITY PROGRAM AUDIT: ACHIEVING SUCCESSFUL AUDIT OUTCOMES Cara King Senior IT Auditor, OIAC.

USG INFORMATION SECURITY PROGRAM AUDIT: ACHIEVING SUCCESSFUL AUDIT OUTCOMES Cara King Senior IT Auditor, OIAC.
1 Technical Meeting on Managing the Development of a National Infrastructure for Nuclear Power SECURITY STATUS IN CHILE Mauricio Lichtemberg Chilean Nuclear.

1 Technical Meeting on Managing the Development of a National Infrastructure for Nuclear Power SECURITY STATUS IN CHILE Mauricio Lichtemberg Chilean Nuclear.
Copyright © 2014 American Water Works Association Water Sector Approach to Process Control System Security.

Copyright © 2014 American Water Works Association Water Sector Approach to Process Control System Security.
Pakistan Nuclear Regulatory Authority

Pakistan Nuclear Regulatory Authority
IAEA International Atomic Energy Agency. IAEA Outline Learning objectives Introduction Functions of Regulatory Body (RB) on EPR Appraisal guidance: Part.

IAEA International Atomic Energy Agency. IAEA Outline Learning objectives Introduction Functions of Regulatory Body (RB) on EPR Appraisal guidance: Part.
Smart Grid - Cyber Security Small Rural Electric George Gamble Black & Veatch

Smart Grid - Cyber Security Small Rural Electric George Gamble Black & Veatch
Session V: Programme Roles and Responsibilities

Session V: Programme Roles and Responsibilities

Similar presentations

Ads by Google