Background
As existing nuclear facilities are modernised and new ones constructed, their dependence on digital systems is increasing dramatically. This includes the integration of digital systems into everything from business systems to nuclear safety and security systems. These digital technologies are generally categorised as Information Technology (IT) or Operational Technologies (OT). This growing dependence on digital systems brings an ever increasing need to implement strong defense measures to protect digital systems, both IT and OT, from compromise.
Cybersecurity is the protection of digital systems and the information contained within these systems against cyberattacks. Specifically, cybersecurity seeks to protect the confidentiality, integrity and availability of digital systems and the associated data and processes they maintain. Cybersecurity is a subset of information security which looks at the broader protection of information in both digital and physical form. Along with physical protection, cybersecurity needs to be part of the overall security strategy at a nuclear facility, and enhancing cybersecurity capabilities in the nuclear industry is a main priority for WINS.
Objectives
The objective of this five-day training course was to build awareness of the cyber threat to nuclear facilities and to discuss the implementation of cybersecurity to reduce the risk from cyberattacks. The course also served as a venue for information sharing on operator experience related to implementing cybersecurity and developing a cyber-aware culture at nuclear facilities.
This training was derived from the WINS Academy module on Cybersecurity in the Nuclear Industry and the WINS Best Practice Guide Cybersecurity in a Nuclear Facility. Delegates were provided with an exam voucher, to achieve Certified Nuclear Security specialisation Professional (CNSsP) status, to use after course completion (at individual preference).
Audience
The main target audience of this activity were delegates from:
- Operators/licensees
- Nuclear industry organisations
- Academia
- Government officials
- International and non-governmental organisations
- Regulators
There were 20 delegate places available. Nuclear industry professionals including female practitioners from diverse backgrounds and people with diverse gender identities were encouraged to apply.
Process
This training course was instructor-led and lecture-based. The course was comprised of presentations on current cybersecurity guidance and state of practice in the nuclear industry. The discussion was also focused on relevant cybersecurity incidents and the lessons learned from these events. Finally, the course used scenario-based discussions and group exercises related to implementing and managing cybersecurity at a fictitious nuclear power plant.
The training course was held in English. As with all WINS events, the discussions were unclassified but subject to Chatham House rules (what was said can be reported, but not attributed).
The per delegate fee for attending the training course was 2500.00 GBP.
Delegates were required to arrange suitable travel to Vienna and accommodation.
The registration deadline was 31 August 2023 to request a delegate place. Confirmation for attendance and an invoice for payment was provided shortly after the registration was received, for payment to be made and a delegate place secured.
