The purpose of this publication is to assist member states in developing comprehensive contingency plans for computer security incidents with the potential to impact nuclear security and/or nuclear safety. It provides an outline and recommendations for establishing a computer security incident response capability as part of a computer security programme.
Computer security is increasingly recognized as a key component in nuclear security. This publication outlines a methodology for conducting computer security assessments at nuclear facilities. The methodology can likewise be easily adapted to provide assessments at facilities with other radioactive materials.
"The risk of a serious cyber attack on civil nuclear infrastructure is growing, as facilities become ever more reliant on digital systems and make increasing use of commercial 'off-the-shelf' software, according to a new Chatham House report." --
This revision provides guidance on how to establish or improve, develop, implement, maintain, and sustain computer security within nuclear facilities. This publication addresses the use of risk informed approaches to establish and enhance computer security policies, programmes; it describes the integration of computer security into the management system of a facility; establishes a systematic approach to identifying facility functions and appropriate computer security measures that protect sensitive digital assets and the facility from the consequence of cyber-attacks consistent with the threat assessment or design basis threat.
Computer security as a discipline is challenged by increasing threat vectors targeting a dynamic technological environment. This publication establishes guidance addressing the challenge of applying computer security measures to instrumentation and control (I&C) systems at nuclear facilities. The measures are intended to protect these I&C systems throughout their entire lifecycles against malicious acts perpetrated by threat actors. The technical basis and methodologies for the application of these computer security measures are considered. The publication also addresses the application of such measures to the development, simulation and maintenance environments of the I&C systems. In addition, account is taken of developments in the human factors engineering and nuclear safety. This Technical Guidance references and takes into account other Safety Guides and IAQEA Nuclear Security Series publications that provide guidance relating to I&C design.
This publication provides an overview, based on practical experience and lessons learned, for establishing nuclear security systems and measures for major public events. It covers technical and administrative nuclear security measures for developing the necessary organizational structure, developing plans, strategies and concepts of operations, and making arrangements for implementing the developed plans, strategies and concepts.
This SpringerBrief presents a brief introduction to probabilistic risk assessment (PRA), followed by a discussion of abnormal event detection techniques in industrial control systems (ICS). It also provides an introduction to the use of game theory for the development of cyber-attack response models and a discussion on the experimental testbeds used for ICS cyber security research. The probabilistic risk assessment framework used by the nuclear industry provides a valid framework to understand the impacts of cyber-attacks in the physical world. An introduction to the PRA techniques such as fault trees, and event trees is provided along with a discussion on different levels of PRA and the application of PRA techniques in the context of cybersecurity. A discussion on machine learning based fault detection and diagnosis (FDD) methods and cyber-attack detection methods for industrial control systems are introduced in this book as well. A dynamic Bayesian networks based method that can be used to detect an abnormal event and classify it as either a component fault induced safety event or a cyber-attack is discussed. An introduction to the stochastic game formulation of the attacker-defender interaction in the context of cyber-attacks on industrial control systems to compute optimal response strategies is presented. Besides supporting cyber-attack response, the analysis based on the game model also supports the behavioral study of the defender and the attacker during a cyber-attack, and the results can then be used to analyze the risk to the system caused by a cyber-attack. A brief review of the current state of experimental testbeds used in ICS cybersecurity research and a comparison of the structures of various testbeds and the attack scenarios supported by those testbeds is included. A description of a testbed for nuclear power applications, followed by a discussion on the design of experiments that can be carried out on the testbed and the associated results is covered as well. This SpringerBrief is a useful resource tool for researchers working in the areas of cyber security for industrial control systems, energy systems and cyber physical systems. Advanced-level students that study these topics will also find this SpringerBrief useful as a study guide.
This publication provides a model academic curriculum covering the entire spectrum of nuclear security topics for a masters degree programme or for an academic certificate programme in nuclear security. The first edition, entitled Educational Programmes in Nuclear Security, was published in 2010. Since then, the body of knowledge in the field of nuclear security has grown substantially and the IAEA Nuclear Security Series has expanded to cover more topics. The current publication takes into account the latest IAEA guidance, as well as feedback from the International Nuclear Security Education Network (INSEN) community and other international experts. The publication can be used by university curriculum developers as well as faculty and instructors from institutions that are implementing or considering educational programmes in nuclear security.
This is the first in a series of three proceedings of the 20th Pacific Basin Nuclear Conference (PBNC). This volume covers the topics of Safety and Security, Public Acceptance and Nuclear Education, as well as Economics and Reducing Cost. As one in the most important and influential conference series of nuclear science and technology, the 20th PBNC was held in Beijing and the theme of this meeting was “Nuclear: Powering the Development of the Pacific Basin and the World”. It brought together outstanding nuclear scientist and technical experts, senior industry executives, senior government officials and international energy organization leaders from all across the world. The book is not only a good summary of the new developments in the field, but also a useful guideline for the researchers, engineers and graduate students.
Every day in cities and towns across the Nation, emergency response personnel respond to incidents of varying scope and magnitude. Their ability to communicate in real time is critical to establishing command and control at the scene of an emergency, to maintaining event situational awareness, and to operating overall within a broad range of incidents. However, as numerous after-action reports and national assessments have revealed, there are still communications deficiencies that affect the ability of responders to manage routine incidents and support responses to natural disasters, acts of terrorism, and other incidents. Recognizing the need for an overarching emergency communications strategy to address these shortfalls, Congress directed the Department of Homeland Security's (DHS) Office of Emergency Communications (OEC) to develop the first National Emergency Communications Plan (NECP). Title XVIII of the Homeland Security Act of 2002 (6 United States Code 101 et seq.), as amended, calls for the NECP to be developed in coordination with stakeholders from all levels of government and from the private sector. In response, DHS worked with stakeholders from Federal, State, local, and tribal agencies to develop the NECP—a strategic plan that establishes a national vision for the future state of emergency communications. To realize this national vision and meet these goals, the NECP established the following seven objectives for improving emergency communications for the Nation's Federal, State, local, and tribal emergency responders: 1. Formal decision-making structures and clearly defined leadership roles coordinate emergency communications capabilities. 2. Federal emergency communications programs and initiatives are collaborative across agencies and aligned to achieve national goals. 3. Emergency responders employ common planning and operational protocols to effectively use their resources and personnel. 4. Emerging technologies are integrated with current emergency communications capabilities through standards implementation, research and development, and testing and evaluation. 5. Emergency responders have shared approaches to training and exercises, improved technical expertise, and enhanced response capabilities. 6. All levels of government drive long-term advancements in emergency communications through integrated strategic planning procedures, appropriate resource allocations, and public-private partnerships. 7. The Nation has integrated preparedness, mitigation, response, and recovery capabilities to communicate during significant events. The NECP also provides recommended initiatives and milestones to guide emergency response providers and relevant government officials in making measurable improvements in emergency communications capabilities. The NECP recommendations help to guide, but do not dictate, the distribution of homeland security funds to improve emergency communications at the Federal, State, and local levels, and to support the NECP implementation. Communications investments are among the most significant, substantial, and long-lasting capital investments that agencies make; in addition, technological innovations for emergency communications are constantly evolving at a rapid pace. With these realities in mind, DHS recognizes that the emergency response community will realize this national vision in stages, as agencies invest in new communications systems and as new technologies emerge.