The International Atomic Energy Agency (IAEA) has introduced a new international training course (ITC) on protecting nuclear facilities from cyber-attacks, highlighting the Agency’s role in supporting national efforts to strengthen nuclear security.
The inaugural course, Protecting Computer-Based Systems in Nuclear Security Regimes, was held earlier this month. It brought together 37 participants from 13 countries for two weeks of immersive training on best practices in computer security.
Developed together with the U.S. Department of Energy’s National Nuclear Security Administration (NNSA) and hosted by the Idaho National Laboratory in the United States, it was the first in what will be a series of IAEA information and computer security ITCs focusing on raising awareness of the threat posed by cyber-attacks, and their potential impact on nuclear facilities.
The course offered participants a chance to test their skills on mock-ups of actual state-of-the-art digital systems common in today’s nuclear facilities, which use digital technologies to provide functions that support safe operations, security, material accountancy and control, and protection of sensitive information.
“Everyone with responsibility for nuclear security must have a thorough understanding of the vulnerabilities of their systems – they must know how to prevent and mitigate possible cyber-attacks on those systems,” said Raja Adnan, Director of the IAEA’s Division of Nuclear Security. “The IAEA offers a range of training courses in computer security to help ensure that governments and organizations have the necessary technical, regulatory and other tools to succeed when faced with highly skilled adversaries.”
In developing the course, cybersecurity experts from the IAEA and the Department of Energy National Laboratories—Idaho National Laboratory, Pacific Northwest National Laboratory, and Los Alamos National Laboratory— designed a learning environment that replicated equipment typically found in a nuclear facility.
“The hands-on lab environment, presentations, and exercises were conducted in a manner that allowed participants of varied experience to gain the full benefit of the training,” said James Byrne, a participant from EDF Energy in the United Kingdom. “It was a valuable training experience that provided me with many cyber security insights that will be helpful for me when I return to work.”