Background
Physical protection is no longer the sole topic that dominates the discourse of shielding nuclear facilities and materials from attacks. Processes such as automation, digitalisation and networking have rapidly picked up speed in the last two decades and deeply impacted the functioning of nearly every sector, including nuclear security. On one hand, digital and automation technologies have brought about efficiency, speed and even increased safety in modern engineering; on the other, these technologies have added new and unique types of vulnerabilities, requiring a comparable extension and integration of new security domains.
Cybersecurity is the newer, broader discipline that examines all the vulnerabilities that come with automating processes, replacing analogue sensors and actuators with digital ones, and connecting plants, operations and devices to a network. It looks at known and potential attack vectors that can exploit these vulnerabilities and the consequences that may arise as a result. New attack vectors are not necessarily only attacks on technology but also on humans. The challenges of adopting and using new technologies are directly reflected on the human factor – as proven by the prevalence of the “social engineering” aspects in many successful attacks – and thus cybersecurity needs to ensure that humans are as prepared as machines.
Nuclear security is not simply “affected” by cybersecurity, rather it needs to fully embrace this growing discipline and make it an integral part of how systems are designed, how adversaries and attacks are characterised, and how risks are accounted for. The industry has stepped up to the challenge – even if wake-up calls were needed – and has invested broadly in designing solutions in the form of standards, procedures and countermeasures. Nowadays a broad selection of guidance documents is available both directly within the sector (IAEA, WINS and several national authorities) and from technical organisations such as ISO, ISA or IEEE. These cover most elements for designing and implementing effective cybersecurity programmes, including how to integrate cyber considerations in threat assessments, deploy secure hardware and software, support capacity building in cybersecurity, and assess the performance of cyber security arrangements and ensure their continuous improvement.
WINS has therefore decided to develop a series of four webinars exploring different topics related to cybersecurity in the nuclear sector. These webinars will be reserved to selected WINS Academy alumni and will be designed and delivered with the support of international experts.
The webinars will address the following topics:
- 20 May 2021: Introduction to Cybersecurity as an Essential Element of Nuclear Security
- 10 June 2021: Effective Integration of Physical Security and Cybersecurity
- 7 July 2021: Cybersecurity and the Supply Chain
- 11 August 2021: Communicating about Cybersecurity Incidents
Objectives
Introduction to cyber security as an essential element of nuclear security – 20 May 2021
The purpose of this webinar was to:
- Explain why computer systems, networks, programmes, devices and data need to be protected from cyber attacks
- Raise awareness of cyber threats and present examples of vulnerabilities that may be exploited by a cyberthreat
- Review the key elements of an effective cybersecurity programme
Agenda
- Introduction to Cybersecurity by Andrea Cavina - Identification of the Need and Selected Examples of Vulnerabilities
- Expert intervention - Implementing Selected Key Industry Standards to Make Cybersecurity Programmes More Efficient
