Presented by Dr. Kristóf Horváth Deputy Director General Hungarian Atomic Energy Authority Based on the Guideline developed by the WG on Computer Protection.

Presentation transcript:

Hungary’s Experience in the Regulation of Cyber and Information Security
Presented by Dr. Kristóf Horváth, Deputy Director General, Hungarian Atomic Energy Authority
Based on the Guideline developed by the WG on Computer Protection

History …
Well developed
– requirements and regulatory system for peaceful applications (NM and RM)
– radiation protection requirements and regulatory system
– nuclear safety requirements and regulatory system
– system for materials out of regulatory control
– emergency preparedness and response for safety events
Ad-hoc
– physical protection requirements
– physical protection as part of radiation protection and nuclear safety
All nuclear related sensitive information protected as State Secret

International Instruments (the frame)
Ratified international conventions:
– CPPNM
– Amendment to CPPNM
– Nuclear terrorism convention
– Mode-specific transport agreements
UN Council resolutions
EU regulations and directives
IAEA Code of Conduct and Guidance

And then… Fundamental objective
The fundamental safety-security-safeguards objective of regulatory control:
– To protect people and environment
– from harmful effects of (any harm of)
– ionizing radiation (generated by various applications of atomic energy)
without unduly limiting the operation of facilities or the conduct of activities.

Goals of regulatory control
To protect people and environment through
– Prevention: regulations, licensing, vetting, registration …
– Detection: inspection, reporting, monitoring …
– Response: enforcement, contingency/emergency planning
Common legal and technical principles to be applied
– E.g. responsibility, independence …
– E.g. design basis, graded approach, defence in depth …

New regulations
Four level approach
Classification and protection of information
– Restricted, Confidential, Secret, Top Secret
Physical protection governmental decree
– Based on threat assessment
– DBT defined by HAEA with concerned gov organs
– Performance based approach with performance requirements for facilities
– Prescriptive requirements for NM and RM
Updated safety code

Cyber and information security
Confidentiality
Availability
Integrity
General security and safety requirements for allocation of I&C components and their cabling according to PP zones
one-way direction from vital areas
credibility of input to be checked
availability of systems
interaction cannot hinder safety functions

WG establishment
Instead of
– Requesting the NPP to recommend a cyber DBT
Recognition that computer protection is a joint safety/security issue
– Very similar threats
– Almost identical protection
– Identical protectors
WG participation
– HAEA, Police, MVM Electricity Trust, NPP, new-built, university, experts
To develop a guideline on
– The protection of programmable systems and components

Guideline on the protection requirements for computer systems
Taking into consideration
– Lessons learned from IAEA NSS 17
– Principles from IEC Ed.1
– Existing safety requirements
– Existing security requirements

Guideline on the protection requirements for computer systems
Level of protection measures
Graded approach
Classification from safety as well as from security aspects, then the more rigorous requirements shall be applied

Guideline on the protection requirements for computer systems
– Summary about international and domestic recommendations
– Protection policy for programmable systems and components
– Organizational and management aspects, responsibilities
– Inventory of systems (systems, networks, applications and their interfaces)
– Definition of protection levels
– Protection classification of systems and components
– Risk assessment (threat analysis, vulnerability analysis, risk evaluation)
– Defence in depth principles
– Physical access aspects
– Training and education

Guideline on the protection requirements for computer systems
According to the Guideline, nuclear operators should
– Categorize the computer systems to Level-5,4,3,2
– Analyse the vulnerabilities of existing computer systems
– Establish additional protection measures (if required) to meet the safety and security requirements
– Propose a cyber design basis threat

Regulation development
Based on experience on the application of the guideline
– Issue regulations for the NPP
– Develop regulations and guidance to other applications where programmable systems and components are in use

Thank you for your kind attention!