IAEA International Atomic Energy Agency

IAEA Nuclear Security Programme

Enhancing cybersecurity in nuclear infrastructure

TWG-NPPIC – IAEA May 09 – A. Cavina (IAEA-NSNS)


IAEA and Nuclear Security

• Office of Nuclear Security was created (2002) to address the urgent threats posed by the changing geopolitical situation

• The Nuclear Security programme has been one of the fastest growing programmes in the IAEA

• Current budget €15-20m/year

• Focus on prevention, detection and response to malicious acts (sabotage, insider threat, theft...)

• About 50 staff


Interplay within Nuclear Security

NUCLEAR SECURITY FRAMEWORK

• Conventions

• Laws & regulations

• Regulatory bodies

• Law enforcement

• Threat assessment

• Accounting and control

• Guidance

• Prevention

• Detection/response

• Coordination

• Security culture

TARGETS

• Nuclear weapons

• Nuclear material

• Radioactive material

• Nuclear facilities

• Transports

• Transits

• Technology

• Cyberspace

• Sensitive information

THREATS

• Terrorists

• Criminal organizations

• Non-state factions


IAEA - Improving Nuclear Security

• Promoting international instruments and their implementation

• Developing recommendations and guidelines

• Providing evaluation and advisory services

• Providing education and training – human resource development

• Providing technical improvements and upgrades

• Coordinating Member States and the global effort towards Nuclear Security


Nuclear Security & Cybersecurity

• Cyber is a relative newcomer in an established culture of (physical) security

• Two documents in the Nuclear Security Series (to be published 2009, available in draft version)

• A series of training courses on offer, from awareness to technical issues

• A pilot Security Assessment Service at facilities

• Coordination & cooperation with national authorities (regulators & operators)


Computer Security at Nuclear Facilities

The history:

• Work started in 2003!!

• Has been the object of 4 CMs and 1 TM

• Has been widely reviewed

• Will be published later in 2009


Why an IAEA CompSec document?

Global reasons:

• Attackers focus on critical infrastructure (existing examples of sabotage / extortion), new attention to SCADA systems as targets

• Relevant legislation and regulations of the field are lagging behind

• Not all national infrastructures have recognized and standardized the issue

• Existing international guidance is not industry specific and fails to capture some of the key issues

• No existing IAEA document specifically addresses the field


Why an IAEA CompSec document?

Technological reasons:

• Increased presence of digital I&C systems in the design of new (and old) NPPs and the corresponding introduction of new and unknown vulnerabilities

• Increased interconnection and reliance of Physical Protection systems on computerized systems (alarms, access control,...)

• Increased request for connection of Extranet, Intranet (Business) and Control networks


Approaches: Responsibilities

• Ensuring continuity and thoroughness in the implementation of security through levels of responsibility

• Connecting the levels and the relevant expertise

• Regulating cybersecurity in all critical infrastructure


App. II: Threat identification

• Threats of either stand-alone attacks or coordinated attacks including the use of computer systems should be incorporated into DBT (Design Basis Threat) scenarios

• An adequate process of intelligence gathering is required to ensure the completeness and relevance of each facility’s attacker matrix

• Likewise sensitive assets and their vulnerabilities should be identified and assessed


App. III: People issue

• No technological solution will replace the security provided by well trained personnel

• Security awareness should start at the very highest level

Direct reporting lines for Security responsibilities!


GRADED APPROACH TO COMPUTER SECURITY

• The security of CS to be based on a graded approach

• The assignment of CS to different levels and zones should be based on their relevance to safety and security

• The risk assessment process should be allowed to feed back into and influence the graded approach


Special considerations for Nuclear Facilities

• Facility lifetime phases and modes of operation

• Differences between IT systems and control systems

• Demand for additional connectivity and related consequences

• Considerations on software updates/patching

• Secure design and specifications for computer systems

• Third party/vendor access control procedure


With many thanks...

Andrea Cavina

Office of Nuclear Security

International Atomic Energy Agency

[email protected]

+43-1-2600-26637

http://www-ns.iaea.org/security/