
CRP Success Story: Enhancing Computer Security Incident Analysis at Nuclear Facilities (J02008)


CRP participants working to execute scenarios against an Asherah research testbed, gather the resulting datasets, and benchmark cyber anomaly detection techniques. (Photo: M. Hewes/IAEA)

A Nuclear Power Plant (NPP) simulator, description and mock facilities – all named Asherah – have been developed as part of a recently completed IAEA Coordinated Research Project (CRP) to support research in strengthening cyber security.

As one of the key outputs of this CRP, Asherah provides a unique approach for testing the response of nuclear facilities’ hardware and software components to cyber-attack and understanding the impacts on the entire system. It allows cyber-attack research to be undertaken without compromising nuclear security, and without the risk of disclosing sensitive information from an actual nuclear facility.

The risks from cyber-attacks targeting potential vulnerabilities within a facility’s digitally controlled safety and security systems cannot be ignored. “Analysing and identifying the most sensitive digital components of a computer-controlled system and instituting appropriate computer security measures, that enhance defence in depth and incorporate a graded approach, is vital,” said Scott Purvis, Head of the IAEA’s Information Management Section.

Computer security incident analysis and response should identify the characteristics of both the facility’s safety and security functions and the computer-based systems performing these functions, in order to support detection of and response to cyber-attacks. “Maintaining the ability to detect, isolate, mitigate, and recover from the impacts of such attacks is a crucial element of a robust computer security programme,” Purvis highlighted.

Objectives, results and global impact

The CRP successfully developed, tested and adapted methodologies to enhance the analysis of computer security incidents within nuclear facilities.

The project was carried out by a network of research laboratories, academia and facility operators around the world, and successfully achieved its overarching objectives:

  • to improve computer security capabilities at nuclear facilities to support the prevention and detection of, and response to, computer security incidents that have the potential to either directly or indirectly adversely affect nuclear safety and nuclear security;
  • to establish an international community of experts that will facilitate the exchange of good practices in the field of computer security incident response at nuclear facilities.

The development of the simulation system supports research into the consequences of compromise associated with actual control equipment. It also involved the development and evaluation of commensurate computer security measures, including artificial intelligence techniques applied to detect anomalies indicating targeted cyber-attacks.

Furthermore, experience with the anomaly detection techniques created within the CRP has supported the development of cyber-intrusion detection systems for use within a nuclear operational environment.

“Adversaries’ tactics, techniques, and procedures for cyber-attack evolve every day; therefore it is important to understand that at any time and everywhere, a compromise may be detected, including during early effects on the process,” said Fan Zhang, Assistant Professor at Georgia Tech in the United States of America. “The community involved in this CRP created a set of tools, including the Asherah simulator, that has enabled open research into this area. The tools are now available and continue to support our research and further efforts around the globe to enhance computer security incident analysis in nuclear facilities,” she added.

The released simulator, tools, guidance, and other outputs of CRP J02008 can be obtained, along with further topical resources, on the Information & Computer Security User Group on the IAEA's Nuclear Security Information Portal.

An additional indication of the CRP’s success was that it generated 80 publications, including papers published in peer-reviewed journals. Further papers and additional research work utilising the CRP technologies are in the pipeline.

The CRP was made possible through generous extrabudgetary contributions to the Nuclear Security Fund from Canada, the European Union and the Republic of Korea.

With an eye to the future, the IAEA has embarked on activities to assist countries with the use of this project’s outputs, including a new CRP on Enhancing Computer Security for Radiation Detection Systems. The overall goal is to develop methodologies and techniques to further improve computer security of radiation detection equipment, associated computer-based systems, data communications protocols and associated network infrastructure supporting the function of radiation detection systems.
