Establishing and maintaining a robust computer security programme is an essential element of a national nuclear security regime. Over the last several decades there has been a migration to more digital devices, systems, communication, and advanced technologies for nuclear materials, facilities and critical assets, including digital integration to enhance capabilities for more effective and efficient operations. With this increased capability in digital technology, we have also witnessed a major increase in threats and computer security incidents against the nuclear industry.
To defend against the ever-evolving threats, it is critical that computer security is integrated into all aspects of nuclear security including:
Computer security strategy (legislation)
Regulation
Organizational structures with defined roles and responsibilities
Computer security programmes
Policy and procedures
Operations, maintenance and decommissioning
Response and recovery
In order to do so, it is necessary to identify critical organizational units and key computer security competencies, which will involve State level computer security regulations and requirements with enforcement through competent authorities, and implementation by owners, operators, and third party entities.
This webinar, as the second in the NucSecCyber Series #3, will provide a detailed exploration of technical approaches to implementing and aligning with IAEA guidance concepts, while maintaining adherence to national regulation, within a nuclear facility. The subsequent webinars in the series are:
Webinar on Supply Chain Management for Nuclear Security, 22 September 2021, 14:00
Webinar on Computer Security Continuous Improvement (Assessments & Exercises), 20 October 2021, 14:00
Webinar on Incident Response for Computer Security, 24 November 2021, 14:00
Objectives
This aim of this webinar is to:
Present a practical example of how IAEA concepts such as identification of facility functions, the consequences of their compromise, and the digital assets performing them can be implemented within a nuclear facility;
Describe how elements derived from Facility and System Computer Security Risk Management can be implemented within existing requirements for and approaches to risk management;
Present an approach to impact and consequence assessment that integrates Computer Security into an overarching risk management system; and
Explain how the resulting body of information can inform the funding for, selection and implementation of, and ongoing operation and maintenance of computer security measures.
