
Presented by Dr. Kristóf Horváth Deputy Director General Hungarian Atomic Energy Authority Based on the Guideline developed by the WG on Computer Protection.


1 Hungary’s Experience in the Regulation of Cyber and Information Security
Presented by Dr. Kristóf Horváth, Deputy Director General, Hungarian Atomic Energy Authority
Based on the Guideline developed by the WG on Computer Protection

2 History … 2005-2008
Well developed
–requirements and regulatory system for peaceful applications (NM and RM)
–radiation protection requirements and regulatory system
–nuclear safety requirements and regulatory system
–system for materials out of regulatory control
–emergency preparedness and response for safety events
Ad-hoc
–physical protection requirements
–physical protection as part of radiation protection and nuclear safety
All nuclear-related sensitive information protected as State Secret

3 International Instruments (the frame)
Ratified international conventions:
–CPPNM
–Amendment to CPPNM
–Nuclear terrorism convention
–Mode-specific transport agreements
UN Council resolutions
EU regulations and directives
IAEA Code of Conduct and Guidance

4 And then… Fundamental objective
The fundamental safety-security-safeguards objective of regulatory control:
–To protect people and the environment
–from the harmful effects of (any harm from)
–ionizing radiation (generated by the various applications of atomic energy),
without unduly limiting the operation of facilities or the conduct of activities.

5 Goals of regulatory control
To protect people and the environment through
–Prevention: regulations, licensing, vetting, registration …
–Detection: inspection, reporting, monitoring …
–Response: enforcement, contingency/emergency planning
Common legal and technical principles to be applied
–E.g. responsibility, independence …
–E.g. design basis, graded approach, defence in depth …

6 New regulations
Four-level approach
Classification and protection of information
–Restricted, Confidential, Secret, Top Secret
Physical protection governmental decree
–Based on threat assessment
–DBT defined by HAEA with the concerned government organs
–Performance-based approach with performance requirements for facilities
–Prescriptive requirements for NM and RM
Updated safety code

7 Cyber and information security
Confidentiality, Availability, Integrity
General security and safety requirements:
–allocation of I&C components and their cabling according to PP zones
–one-way direction from vital areas
–credibility of input to be checked
–availability of systems
–interaction cannot hinder safety functions

8 WG establishment
Instead of
–Requesting the NPP to recommend a cyber DBT
Recognition that computer protection is a joint safety/security issue
–Very similar threats
–Almost identical protection
–Identical protectors
WG participation
–HAEA, Police, MVM Electricity Trust, NPP, new-build, university, experts
To develop a guideline on
–The protection of programmable systems and components

9 Guideline on the protection requirements for computer systems
Taking into consideration
–Lessons learned from IAEA NSS 17
–Principles from IEC 62645 Ed.1
–Existing safety requirements
–Existing security requirements

10 Guideline on the protection requirements for computer systems
Level of protection measures: graded approach
Classification from safety as well as from security aspects; then the more rigorous requirements shall be applied

11 Guideline on the protection requirements for computer systems
–Summary of international and domestic recommendations
–Protection policy for programmable systems and components
–Organizational and management aspects, responsibilities
–Inventory of systems (systems, networks, applications and their interfaces)
–Definition of protection levels
–Protection classification of systems and components
–Risk assessment (threat analysis, vulnerability analysis, risk evaluation)
–Defence in depth principles
–Physical access aspects
–Training and education

12 Guideline on the protection requirements for computer systems
According to the Guideline, nuclear operators should
–Categorize the computer systems to Level-5, 4, 3, 2
–Analyse the vulnerabilities of existing computer systems
–Establish additional protection measures (if required) to meet the safety and security requirements
–Propose a cyber design basis threat

13 Regulation development
Based on experience with the application of the guideline
–Issue regulations for the NPP
–Develop regulations and guidance for other applications where programmable systems and components are in use

14 Thank you for your attention! I thank you for your kind attention!

