A Nuclear Power Plant (NPP) simulator, description and mock facilities – all named Asherah – have been developed as part of a recently completed IAEA Coordinated Research Project (CRP) to support research in strengthening cyber security.
As one of the key outputs of this CRP, Asherah provides a unique approach for testing the response of nuclear facilities’ hardware and software components to cyber-attack and understanding the impacts on the entire system. It actually allows cyber-attack research work to be undertaken without compromising nuclear security, and without the risk of sensitive information disclosure from an actual nuclear facility.
The risks from cyber-attacks targeting potential vulnerabilities within a facility’s digitally controlled safety and security systems cannot be ignored. “Analysing and identifying the most sensitive digital components of a computer-controlled system and instituting appropriate computer security measures, that enhance defence in depth and incorporate a graded approach, is vital,” said Scott Purvis, Head of the IAEA’s Information Management Section.
Computer security incident analysis and response should identify the characteristics of both the facility’s safety and security functions, as well as the computer-based systems performing these functions to support detection of and response to cyber-attacks. “Maintaining the ability to detect, isolate, mitigate, and recover from the impacts of such attacks is a crucial element of a robust computer security programme,” Purvis highlighted.