IAEA International Atomic Energy Agency IAEA Nuclear Security Programme Enhancing cybersecurity in nuclear infrastructure TWG-NPPIC – IAEA May 09 – A.

Slides:

Advertisements

Similar presentations

Department of Homeland Security Site Assistance Visit (SAV)

Advertisements

IAEA International Atomic Energy Agency Introductions; Objectives and Scope of the Course Tr aining course on Authorization and Inspection of Uranium Mining.

Khammar Mrabit Director Office of Nuclear Security

IAEA 1 The IAEA has revised the 1996 Safety Standards 50-C/SG-Q: QA Requirements and Safety Guides Published in 1996 Promotes structure: –Management –Performance.

Pakistan Nuclear Regulatory Authority

In-depth look at ISACS Stockpile Management: Weapons Photo: MAG.

IAEA International Atomic Energy Agency. IAEA Outline Learning objectives Introduction Functions of Regulatory Body (RB) on EPR Appraisal guidance: Part.

Alexander Brandl ERHS 561 Emergency Response Environmental and Radiological Health Sciences.

National Protection and Programs Directorate Department of Homeland Security The Office of Infrastructure Protection Cybersecurity Brief [Date of presentation]

Smart Grid - Cyber Security Small Rural Electric George Gamble Black & Veatch

1 Regulatory Challenges During and Following a Major Safety or Security Event Muhammad Iqbal Pakistan Nuclear Regulatory Authority Presentation at General.

UK Office for Security & Counter Terrorism Future threats and the potential role of the CBRN Action plan in supporting the BTWC Dr Catherine Terry International.

Role of Independent Regulatory Body for Safe Operation of NPPs Zia Hussain Shah Director, Centre for Nuclear Safety Pakistan Nuclear Regulatory Authority.

Session 3 – Information Security Policies

IAEA International Atomic Energy Agency International Cooperation in Nuclear Security David Ek Office of Nuclear Security.

Technical Meeting on Evaluation Methodology for Nuclear Power Infrastructure Development December, 2008 Nuclear Safety in Infrastructure Building.

IAEA International Atomic Energy Agency How do you know how far you have got? How much you still have to do? Are we nearly there yet? What – Who – When.

HOMELAND SECURITY ADVISORY SYSTEM. Established after the terrorist attacks on America September 11, 2001.

IAEA International Atomic Energy Agency Overview of legal framework Regional Workshop - School for Drafting Regulations 3-14 November 2014 Abdelmadjid.

LEGAL FRAMEWORK & REGULATORY SYSTEM f or introduction of NPP into Vietnam Le Chi Dung (VARANS, Vietnam) Vienna, December 2008.

Anita Nilsson Director, Office of Nuclear Security

IAEA International Atomic Energy Agency Reviewing Management System and the Interface with Nuclear Security (IRRS Modules 4 and 12) BASIC IRRS TRAINING.

SAFETY AND SECURITY ASPECTS OF RADIOACTIVE MATERIAL DURING TRANSPORT R.K. Singh Radiological Safety Division Atomic Energy Regulatory Board Mumbai, India.

Module N° 8 – SSP implementation plan. SSP – A structured approach Module 2 Basic safety management concepts Module 2 Basic safety management concepts.

08 October 2015 M. Ammar Mehdi Introduction to Human Resource Management & SSG-16 Actions 4 th Steering Committee on Competence of Human.

IAEA International Atomic Energy Agency PGEC Part IV The International System of Radiation Protection and the Regulatory Framework Module IV 2 Conceptual.

A National approach to Cyber security/CIIP: Raising awareness.

RER/9/096 Regional Planning Meeting “Strengthening National Infrastructures for the Control of Radiation Sources” (TSA-1), (Phase II) Republic of Moldova.

Confidence Building Measures Anatoly A.Streltsov D.Tech., D.J., prof. deputy director of the IPII MSU named by M.V.Lomonosov.

RER/9/096 Regional Planning Meeting “Strengthening National Infrastructures for the Control of Radiation Sources” (TSA-1), (Phase II) Country: ESTONIA.

International Atomic Energy Agency International Nuclear Security Axel Hagemann Office of Nuclear Security Department of Nuclear Safety and Security International.

Presented by Dr. Kristóf Horváth Deputy Director General Hungarian Atomic Energy Authority Based on the Guideline developed by the WG on Computer Protection.

IAEA International Atomic Energy Agency Senior Regulators’ Meeting 2013 Radiation Safety Infrastructure in Non- Nuclear Countries Pil Soo Hahn Director.

IAEA International Atomic Energy Agency School of Drafting Regulations – November 2014 Government and Regulatory Body Functions and Responsibilities IAEA.

Technical Meeting on Milestones for nuclear power infrastructure development Radiation Protection Khammar Mrabit Head, Regulatory Infrastructure and Transport.

Staffing and training. Objectives To understand approaches to the development of strategies and policies for staffing of a Regulatory Authority including.

A Global Approach to Protecting the Global Critical Infrastructure Dr. Stephen D. Bryen.

IAEA International Atomic Energy Agency International Standards, Codes and Guidance for Radiation Safety Regulatory Infrastructure IAEA Advanced Regional.

IAEA International Atomic Energy Agency IAEA Safety Standards for Research Reactors W. Kennedy Research Reactor Safety Section Division of Nuclear Installation.

P1. Overview of Objectives & Agenda of Technical Meeting

IAEA International Atomic Energy Agency Milestones in the development of a national infrastructure for nuclear power The Nuclear Security dimension Technical.

INDONESIA NATIONAL STRATEGY FOR NUCLEAR POWER PROGRAMME INFRASTRUCTURE AND STATUS OF IMPLEMENTATION Dr. A. Sarwiyana Sastratenaya Director, Center for.

Current Status of the National Nuclear Infrastructure and Human Resources Development in the Republic of Belarus TM/WS on Topical Issues on Infrastructure.

IAEA International Atomic Energy Agency Arusha, Tanzania CAMEROON Dr CHAKAM TAGHEU Pulchérie Julie 2 – 5 December 2013 RAF9038 Final Coordination Meeting.

Milestones for Nuclear Power Infrastructure Development Establishment of A Regulatory Framework Gustavo Caruso, Section Head, Regulatory Activities Section.

DEVELOPMENT OF THE NATIONAL INFRASTRUCTURE FOR NUCLEAR POWER IN VIETNAM DEVELOPMENT OF THE NATIONAL INFRASTRUCTURE FOR NUCLEAR POWER IN VIETNAM Vuong Huu.

IAEA International Atomic Energy Agency TM/WS TOPICAL ISSUES ON INFRASTRUCTURE DEVELOPMENT: MANAGING THE DEVELOPMENT OF NATIONAL INFRASTRUCTURE FOR NUCLEAR.

IAEA International Atomic Energy Agency Arusha, Tanzania Uganda Dr. Akisophel Kisolo Project Counterpart 2 – 5 December 2013 RAF9038 Final Coordination.

Office of Special Projects Issues arising from the Second Review Conference on Safety and Security at Chemical Plants and Relationships with CWC stakeholders.

Department for Nuclear and Radiation Safety of the Ministry for Emergency Situations (Gosatomnadzor) Leading specialist Diana Rusakevich Belarus Department.

IAEA International Atomic Energy Agency IAEA Safety Standards and Public Exposure to Radon Trevor Boal Radiation Protection Unit - NSRW.

By Annick Carnino (former Director of IAEA Division of Nuclear Installations Safety) PIME, February , 2012.

March 23, 2015 Missouri Public Service Commission | Jefferson City, MO.

IAEA International Atomic Energy Agency Functional and Security Domains Presented by:

IAEA International Atomic Energy Agency IAEA Training Course on Conducting Computer Security Assessments Presented by: Donald D. Dudenhoeffer.

IAEA Division of Nuclear Security

IAEA International Atomic Energy Agency Computer Security Culture and Capacity Building Overview Presented by: May 2016.

NRC’s 10 CFR Part 37 Program Review of Radioactive Source Security

Efforts to strengthen Source Security

AAEA Role in Improving EPR Coordination Interventions among Arab Countries Abdelmajid Mahjoub Arab Atomic Energy Agency

Module 1 IAEA Safety Standards on Management Systems.

Radiation & Nuclear Safety and Security Aspects in Lao PDR

Nuclear and Treaty Law Section Office of Legal Affairs

International Workshop on National Registers of Radiation Sources

Establishing the Infrastructure for Radiation Safety Preparatory Actions and Initial Regulatory Activities.

8 Building Blocks of National Cyber Strategies

Cyber-security and IEC International Standards

Training Courses for RPOs

Security Enhancement: Physical Infrastructure

SAFE AND SECURE TRANSPORT OF RADIOACTIVE MATERIAL: A GLOBAL CHALLENGE THAT REQUIRES A GLOBAL SOLUTION Dr. Pil-Soo Hahn Director Division of Radiation,

Presentation transcript:

IAEA International Atomic Energy Agency IAEA Nuclear Security Programme Enhancing cybersecurity in nuclear infrastructure TWG-NPPIC – IAEA May 09 – A. Cavina (IAEA-NSNS)

IAEA IAEA and Nuclear Security Office of Nuclear Security was created (2002) to address the urgent threats posed by the changing geopolitical situation The Nuclear Security programme has been one of the fastest growing programmes in the IAEA Current budget €15-20m/year Focus on prevention, detection and response to malicious acts (sabotage, insider threat, theft...) About 50 staff

IAEA Interplay within Nuclear Security NUCLEAR SECURITY FRAMEWORK Conventions Laws & regulations Regulatory bodies Law enforcement Threat assessment Accounting and control Guidance Prevention Detection/response Coordination Security culture TARGETS Nuclear weapons Nuclear material Radioactive material Nuclear facilities Transports Transits Technology Cyberspace Sensitive information THREATS Terrorists Criminal organizations Non-state factions

IAEA IAEA - Improving Nuclear Security Promoting international instruments and their implementation Developing recommendations and guidelines Providing evaluation and advisory services Providing education and training – human resource development Providing technical improvements and upgrades Coordinating Member States and the global effort towards Nuclear Security

IAEA Nuclear Security & Cybersecurity Cyber is a relative newcomer in an established culture of (physical) security Two documents in the Nuclear Security Series (to be published 2009, available in draft version) A series of training courses on offer, from awareness to technical issues A pilot Security Assessment Service at facilities Coordination & cooperation with national authorities (regulators & operators)

IAEA Computer Security at Nuclear Facilities The history: Work started in 2003!! Has been the object of 4 CMs and 1 TM Has been widely reviewed Will be published later in 2009 Computer Security at Nuclear Facilities

IAEA Why an IAEA CompSec document? Global reasons: Attackers focus on critical infrastructure (existing examples of sabotage / extortion), new attention to SCADA systems as targets Relevant legislation and regulations of the field are lagging behind Not all national infrastructures have recognized and standardized the issue Existing international guidance is not industry specific and fails to capture some of the key issues No existing IAEA document specifically addresses the field

IAEA Why an IAEA CompSec document? Technological reasons: Increased presence of digital I&C systems in the design of new (and old) NPPs and the corresponding introduction of new and unknown vulnerabilities Increased interconnection and reliance of Physical Protection systems on computerized systems (alarms, access control,...) Increased request for connection of Extranet, Intranet (Business) and Control networks

IAEA Approaches: Responsibilities Ensuring continuity and thoroughness in the implementation of security through levels of resp. Connecting the levels and the relevant expertise Regulating cybersecurity in all critical infrastructure

IAEA App. II: Threat identification Threats of either stand alone attacks or coordinated attacks including the use of computer systems should be incorporated into DBT (Design Basis Threat) scenarios An adequate process of intelligence gathering is required to ensure the completeness and relevance of each facility’s attacker matrix Likewise sensitive assets and their vulnerabilities should be identified and assessed

IAEA App. III: People issue No technological solution will replace the security provided by well trained personnel Security awareness should start at the very highest level  Direct reporting lines for Security responsibilities!

IAEA GRADED APPROACH TO COMPUTER SECURITY The security of CS to be based on a graded approach The assignment of CS to different levels and zones should be based on their relevance to safety and security The risk assessment process should be allowed to feed back into and influence the graded approach

IAEA Special considerations for Nuclear Facilities Facility lifetime phases and modes of operation Differences between IT systems and control systems Demand for additional connectivity and related consequences Considerations on software updates/patching Secure design and specifications for computer Systems. Third party/vendor access control procedure

IAEA With many thanks... Andrea Cavina Office of Nuclear Security International Atomic Energy Agency