Background
As existing nuclear facilities are modernised and new ones constructed, their dependence on digital systems is increasing dramatically. Digital systems are being integrated into everything from business systems to nuclear safety and security systems. This growing dependence on digital systems brings an ever-increasing need to implement strong defensive measures to protect them from compromise.
Cybersecurity is the protection of digital systems and the information contained within these systems against cyberattacks. Specifically, cybersecurity seeks to protect the confidentiality, integrity and availability of digital systems and the associated data and processes they maintain. Cybersecurity is a subset of information security which looks at the broader protection of information in both digital and physical form. Along with physical protection, cybersecurity needs to be part of the overall security strategy at a nuclear facility, and enhancing cybersecurity capabilities in the nuclear industry is a main priority for WINS.
Objectives
The objective of this five-day training course was to build awareness of the cyberthreat to nuclear facilities and to discuss the implementation of cybersecurity to reduce the risk from cyberattack. The course also served as a venue for information sharing on operator experience related to implementing cybersecurity and developing a cyber-aware culture at nuclear facilities.
This training was derived from the WINS Academy module on Cybersecurity in the Nuclear Industry and the WINS Best Practice Guide Cybersecurity in a Nuclear Facility.
Audience
The main target audience of this activity included the following:
- Operators/licensees
- Nuclear industry organisations
- Academia
- Government officials
- International and non-governmental organisations
- Regulators
There were 20 seats available for this course. Nuclear industry professionals including female practitioners from diverse backgrounds and people with diverse gender identities were strongly encouraged to apply. There was no fee for attending this training course. Participants were expected to cover their own travel and accommodation cost.
Process
This training course was instructor-led and lecture-based. The course comprised of presentations on current cybersecurity guidance and state of practice in the nuclear industry. Discussion also focused on relevant cybersecurity incidents and the lessons learned from these events. Finally, the course used scenario-based discussions and group exercises related to implementing and managing cybersecurity at a fictitious nuclear power plant.
Participant discussions and questions were greatly encouraged.
The training course was held in English. As with all WINS events, the discussions were unclassified but subject to Chatham House rules (what was said can be reported, but not attributed).
Date: 13-17 February 2023
Language: English
Registration deadline: 11 January 2023
