Unusual and suspicious behaviour of a disgruntled employee captured in a 10 second surveillance video of a hypothetical nuclear facility opened a large-scale cybersecurity exercise in Slovenia. Following the employee footage, a series of simulated events unfolded and culminated in a malware attack at the hypothetical nuclear facility operational technology systems.
Conducted by the Slovenian Nuclear Safety Administration (SNSA), this highly interactive exercise — included hands-on examples and involved key Slovenian nuclear sector stakeholders. The scenario involved real operational technology systems with insider threats, external cyber-attacks, and physical intrusions to a hypothetical nuclear facility exhibiting the impacts of a computer security compromise of critical operational control systems leading to a nuclear security event.
“Increasing awareness about the response capabilities needed to secure nuclear facilities from cyber-attacks is one of the objectives of such exercises. The identification of any existing vulnerabilities, the testing of internal procedures and the strengthening of collaboration among involved stakeholders are some of the practical benefits for the host countries,” said Elena Buglova, Director of the IAEA Division of Nuclear Security. “The interest for computer security exercises is growing and the IAEA stands ready to support countries’ requests in this area of nuclear security.”
The KiVA2022 exercise was attended by 70 experts representing the national nuclear sector stakeholders, including the operators of nuclear facilities, governmental bodies such as the Government Information Security Office, Ministry of the Interior, national technical support organizations, as well as suppliers of computer equipment.
“The organising team and the participants were extremely engaged. The well-tailored scenario offered all of them a first-hand experience on the interconnections between safety, security, and emergency preparedness functions during a highly sophisticated cyber security incident,” said Igor SIRC, Director of SNSA. “Our national capabilities for response to emergencies, triggered by cyber security events at nuclear facilities, have been further strengthened after this exercise,” he added.
The exercise was conducted by the SNSA in cooperation with the IAEA and the AIT Austrian Institute of Technology, which is an IAEA Collaborating Centre for Information and Computer Security for Nuclear Security. The IAEA and AIT provided, developed and assembled dedicated information and operational technology infrastructure, components and systems tailored for the exercise. A nuclear power plant (NPP) simulator and fictitious facilities were developed as part of a recently completed IAEA Coordinated Research Project (CRP) were used.