The time when physical protection was the sole topic dominating the discourse on shielding nuclear facilities and materials from insider attacks is long past. As new nuclear facilities are constructed and existing ones are modernised, their dependence on digital systems has dramatically increased. Digital systems have been integrated into everything from business systems to nuclear safety and nuclear security systems. This growing dependence on digital systems brings with it an ever-growing need to implement strong measures to protect digital systems from compromise.
A cybersecurity threat refers to any situation or occurrence that can have negative consequences for a business's operations, functions, brand, reputation, or perceived image. Such a threat may also affect data confidentiality, integrity, or availability, as well as the people, processes, and technologies involved in managing that data.
Several reasons contribute to the occurrence of cybersecurity threats, including malicious intent, inadequate cybersecurity awareness and human error. Malicious intent is a significant contributor to cybersecurity threats, with adversaries using methods such as social engineering, malware, or ransomware attacks. These types of attacks can result in the theft of confidential information, financial losses, reputational harm or even damage to the nuclear processes. A lack of proper cybersecurity awareness, such as failing to implement firewalls or neglecting to educate employees about proper security practices, can leave organizations vulnerable to attacks. Attackers can exploit these vulnerabilities to gain unauthorized access to sensitive information or to cause disruptions to computer systems and networks. Human error can also lead to cybersecurity threats, with employees accidentally downloading malicious software or responding to phishing emails. These mistakes can provide attackers with access to sensitive data or networks, compromising the security of an organization.
The cyber insider threat can be defined as an individual with some level of access, authority, and knowledge regarding digital systems within an organisation. Cyber insiders can be categorised as malicious or unintentional insiders. A malicious cyber insider threat is an employee, contractor, or business partner who has authorized access to an organization's network, system, or data and intentionally exceeds or misuses that access in a manner that negatively affects the confidentiality, integrity, or availability of the organization's information or information systems. This type of insider may be a disgruntled, coerced, radicalised, or embedded individual. They may be working alone or in collusion with external adversaries. An unintentional insider threat is an employee, contractor, or business partner who has or had authorized access to an organization's network, system, or data and who, through action or inaction without malicious intent, causes harm or substantially increases the probability of future serious harm to the confidentiality, integrity, or availability of the organization's information or information systems.
Countering the cyber insider threat requires that all individuals within the nuclear organisation, and not only security or cyber security professionals, play their part. This begins with the commitment of leadership. Both executive and line management must demonstrate their belief that a credible cyber insider threat exists, that cyber security is important, and that adequate cybersecurity arrangements will mitigate the cyber insider threat. They must also lead by example and provide sufficient resources for the establishment of a comprehensive cyber insider threat mitigation programme and ensure its integration within the overall risk management programme of the organisation. On their side, operational departments must design their processes with all types of security threats in mind and must provide necessary resources to achieve security objectives. Finally, the human resources department also plays a crucial role by creating employment policies, procedures and programmes that support a security-aware culture amongst staff.
The workshop reviewed the latest information on cyber insider threats and best practices for mitigating them. It also reviewed all steps and elements of a comprehensive cyber insider threat mitigation programme. In particular, this event discussed:
Participants were encouraged to identify immediate steps that can be taken to strengthen nuclear security programmes and mitigate cyber insider threats in their organisations and countries.
The workshop was open to a group of around 40 participants from all over the world.
The target audience for this event was individuals who have a responsibility for cybersecurity and/or internal threat mitigation efforts.
Targeted participants included, amongst others, representatives from nuclear operating organisations, nuclear technology vendors, information security organisations, regulators, technical support organisations, academia, law enforcement agencies and relevant international organisations.
Female practitioners were strongly encouraged to apply. At least 40% was set as the target for female speakers and female participants.
This event was interactive and professionally facilitated. The workshop was built around a number of presentations as well as case studies and breakout sessions that enabled participants to further explore the topic and share their experience and lessons learned.
Experts from the nuclear industry and other critical infrastructures were invited to share their experiences and lessons learned from implementing security arrangements against cyber insiders.
An instant electronic voting system allowed participants to provide their views on questions put to the workshop by anonymously registering their opinions using a keypad.
The workshop was held in English. The discussions were unclassified but subject to Chatham House rules (what was said can be reported, but not attributed).
This workshop was organised with the funding support of Global Affairs Canada (GAC).
Pierre Legoux, info@wins.org
Tatjana Todic, info@wins.org