The growing range and number of cyber threats means that there is no single facility immune to cyber-attacks. In the case of nuclear installations and radiological facilities, computer-controlled systems are extensively used to support their core functions and operations. Information and computer security, therefore, are an essential part of nuclear security measures, along with physical protection, both for nuclear facilities and nuclear or other radioactive material facilities.
"The heightened awareness of cyber threats urges for further investment of resources towards improving computer security for nuclear security," said Elena Buglova, Director of the IAEA's Division of Nuclear Security. The IAEA offers countries assistance in addressing their needs in the area of computer security. In 2022, the IAEA organized 46 computer security-related events, an increase of 28 per cent from 2021, with a focus on national-level support for computer security regulations and inspections, and computer security exercises.
The IAEA is holding an International Conference on Computer Security in a Nuclear World: Security for Safety, from 19 to 23 June 2023 in Vienna, Austria, bringing together the international community to discuss developments and progress in protecting nuclear and other radioactive material activities against cyber-attacks.
The conference, the second of its kind with the first held in 2015, will provide the opportunity for countries to discuss and exchange about key elements of computer security, such as state level strategies, regulations, implementation of a computer security programme with protective measures, supply chain and incident response, as well as capacity building courses and exercises offered by the IAEA.
"Every participant will benefit from the technical sessions planned in the upcoming conference, as well as from a variety of hands-on demonstrations to be showcased," said Buglova.
The conference will provide a global forum for competent authorities of IAEA member countries, nuclear operators, integrators and suppliers of security systems and other relevant international and industry organizations and institutions. It will feature plenary sessions, keynote presentations, panel discussions, poster presentations, technical sessions, computer security demonstrations, as well as interactive events, including a "Cyber Village."
The Cyber Village will be open from 20 to 22 June with interactive computer security discussions including selected participating countries and organizations presenting live demonstrations of the effects of cyber-attacks as well as defending against them on simulated and actual equipment. It aims to assist countries in raising awareness for better identifying, detecting, mitigating and responding to cyber threats. It will also provide opportunities for attendees to engage with computer security subject matter experts.
The IAEA will also showcase a new virtual training environment developed to streamline and simplify the delivery of computer security training course and conducting computer security exercises.
The new virtual learning platform consists of 12 hands-on exercises related to computer security of instrumentation and control (I&C) and physical protection systems (PPS). A joint product of the IAEA and the Austrian Institute of Technology (AIT), an IAEA Collaborating Centre, the platform is designed to simulate real-world scenarios that countries might face in the event of a cyber-attack. Among the scenarios featured are, for example, cyber-attacks on nuclear facilities systems with detection or mitigation efforts to defend against attack, to the installation of malware on hospital computers used to control physical security systems of radioactive sources in radiotherapy.
"The virtual learning environment offers immense value to increase operational as well as strategic capabilities by supporting various training purposes," said Helmut Leopold, Head of Center for Digital Safety & Security at AIT. "By simulating real environments, the platform enables learners to acquire practical skills and experience that are essential for effective nuclear security management."