Enhancing Computer Security Incident Analysis at Nuclear Facilities
Closed for Proposals
Project Type
Coordinated Research ProjectProject Code
J02008
CRP
2119
Approved Date
2015/11/13Project Status
ClosedStart Date
2016/07/14Expected End Date
2021/01/31Completed Date
2021/11/10Participating Countries
Argentina, Austria, Brazil, Canada, China, Germany, Ghana, Hungary, Republic of Korea, Mexico, Pakistan, Poland, United States of AmericaDescription
This CRP will explore key areas such as good practices, technology, analytical methods, and recommended procedures for response including forensic activities for computer security incidents at nuclear facilities. The results of this CRP will be published as a nuclear security non-serialized report and will additionally serve to inform nuclear security guidance and training development. ?This CRP provides the opportunity to participate in four activities to enhance computer security incident analysis and response: (1) Operator support for computer security incident recognition and response; (2) Analysis and technology support for computer security incident response; (3) Computer security Information Exchange; and (4) Cyber Crime Investigation. ?The objective of this CRP is to conduct activities which improve computer security capabilities at nuclear facilities to support the prevention and detection of, and response to, computer security incidents that have the potential to either directly or indirectly adversely affect nuclear safety and nuclear security. ?
Objectives
The primary objective of this CRP is to improved computer security capabilities at the nuclear facilities to support the prevention and detection of, and response to, computer security incidents that have the potential to either directly or indirectly adversely affect nuclear safety and nuclear security. The secondary objective is to establish an international community of experts that will facilitate the exchange of good practices in the field of computer security incident response at nuclear facilities.
Specific Objectives
Support for cyber crime investigation at nuclear facilities
Provide operator support in computer security incident recognition and response
Promote computer security information exchange among Member States
Provide analysis, methods and technologies to support computer security incident response
Impact
The CRP has been acknowledged as opening up a field of research that was either not available or incredibly burdensome to complete. That is the design and development of targeted computer security measures supporting protection from, detection of, and response to cyber-attacks against nuclear facilities. Previously the only means of embarking on such research was to partner with a nuclear facility and either i) capture data from the facility that would likely be considered sensitive information, or ii) introduce hardware/software within the control system environment in compliance with the local change control processes. Both of these potential approaches were found to be heavily burdensome as they add significant additional engineering time to the development of computer security measures specific to nuclear facilities. The coordinated work performed within the CRP ensured that the development of the components of the Asherah reference hypothetical facility would allow new technologies to be tried and tested against data sets produced by the simulator. These data sets are representative of what would be found within a nuclear facility allowing the early development to occur by research organizations, academia, and other institutions who might not have the resources and connections to partner with a nuclear facility.
CRP results have been published at major IAEA and third-party conferences and in recognized journals and publications. There has been a significant interest in the results and products produced being requested and adopted by other IAEA departments, states (domestically and as part of bilateral nuclear security programmes), competent authorities, academic and private organizations. The outputs have demonstrated value in not just fundamental research but also the practical implementation of ongoing education, training, and awareness activities to advance computer security for nuclear security.
Relevance
The CRP began at a time when computer security measures for nuclear facilities were largely commodity measures, taken from standard information technology environments, and applied to the operational technology environment of a nuclear facility- while these provided a degree of protection it was recognized during the IAEA International Conference on Computer Security in a Nuclear World: Expert Discussion and Exchange 2015 that more tailored and systematic approaches to computer security were required to ensure ongoing protection against evolving cyber threats. The CRP provided just that, an early exploration of the use of Artificial Intelligence for computer security purposes, Digital Twins, and the vulnerability assessment of dedicated I&C technologies for nuclear facilities. This work and the open nature of the CRP platform has seen the project and the involved institutes internationally recognised within and supporting the global development of these topical areas. As a subjective evaluation the timing, investment, research objectives, and open ethos of the CRP has significantly contributed to the direction of information and computer security for nuclear facilities particularly in opening up opportunities for global exchange and collaboration without the high cost and regulatory burdens traditionally encountered in this area.
CRP Publications
GFR / OVGU, CAN / CNL, HUN / CrySys
Paper
2020
R. ALTSCHAFFEL, T. HOLCZER, C. NEAL, M. HILDEBRANDT: THE NUCLEAR SIEM, ICONS 2020