IAEA Office of Nuclear Security - PowerPoint PPT Presentation

About This Presentation
Title:

IAEA Office of Nuclear Security

Description:

Title: Office Of Nuclear Security Cyber Security Programme Author: DUDENHOEFFER, Donald D. Last modified by: DOUCHEV-SCHACHNER, Nikolay Created Date – PowerPoint PPT presentation

Number of Views:240
Avg rating:3.0/5.0
Slides: 16
Provided by: DUDENHOEF
Learn more at: http://www-ns.iaea.org
Category:

less

Transcript and Presenter's Notes

Title: IAEA Office of Nuclear Security


1
IAEA Office of Nuclear Securitys Initiatives in
Cyber and Information Security
  • Khammar Mrabit
  • Director
  • Office of Nuclear Security

2
IAEA Role
  • Ministerial Declaration
  • We, Ministers of the Member States of the
    International Atomic Energy Agency (IAEA),...
  • Recognize the IAEAs efforts to raise awareness
    of the growing threat of cyber-attacks and their
    potential impact on nuclear security, and
    encourage the IAEA to make further efforts to
    foster international cooperation and to assist
    States, upon request, in this area through the
    establishment of appropriate guidance and by
    providing for its application.

2
3
Computer and Information Security
  • The Computer and Information Security programme
    is focused on preventing computer acts that could
    directly or indirectly lead to
  • unauthorized removal of nuclear/other radioactive
    material
  • sabotage against nuclear material or nuclear
    facilities
  • theft of nuclear sensitive information
  • .

3
4
New Targets
Mobile Computing Devices
Control and Instrumentation System
4
5
International Instruments
  • FUNDAMENTAL PRINCIPLE G Threat
  • The States PP should be based on the States
    current evaluation of the threat.
  • FUNDAMENTAL PRINCIPLE I Defence in Depth
  • The States requirements PP should reflect a
    concept of several layers and methods of
    protection (structural or other technical,
    personnel and organizational) that have to be
    overcome or circumvented by an adversary in
    order to achieve his objectives.
  • FUNDAMENTAL PRINCIPLE L Confidentiality
  • The State should establish requirements for
    protecting the confidentiality of information,
    the unauthorized disclosure of which could
    compromise the physical protection of nuclear
    material and nuclear facilities.

5
6
International Instruments
  • Protection of computer systems associated with
    Other Radioactive Materials
  • Such systems may include
  • Inventory systems/records
  • Physical access control
  • Security monitoring
  • Operational
  • Calibration
  • Boarder monitoring

6
7
Nuclear Security Fundamentals (NSS 20)
  • Provide for the establishment of regulations and
    requirements for protecting the confidentiality
    of sensitive information and for protecting
    sensitive information assets
  • Ensuring through appropriate arrangements that
    sensitive information or other information
    exchanged in confidence is adequately and
    appropriately protected.
  • Routinely performing assurance activities to
    identify and address issues and factors that may
    affect the capacity to provide adequate nuclear
    security, including cyber security, at all times.

7
8
Current Technical Guidance
  • NSS17 Computer Security at Nuclear Facilities

The objective of the document is to provide
guidelines to personnel designing, implementing,
and managing Instrumentation and Control (IC)
and Information systems and networks at nuclear
facilities. The guidance addresses prevention
and detection of potential attacks through
reference to best practices in architecture,
assurance and management of security information
and IC systems.
8
9
Guidance published and in Draft
9
10
Proposed Additional Guidance
  • Nuclear Security Recommendations or Implementing
    Guide for Computer Security ?
  • Computer Security Systems and Measures for
    Nuclear Facilities (implementing guide) ?
  • Computer Security Practices for Nuclear
    Facilities (Technical Guide) ?
  • These documents are designed to build a top to
    bottom framework to support Member States,
    Competent Authorities, and nuclear organizations
    in developing and conducting assurance activities
    for computer security.

The development of these documents will be
discussed at the next Nuclear Security Guidance
Committee Meeting in October.
11
International Physical Protection Advisory
Service (IPPAS)
New Information and Computer Security Review
conducted during IPPAS Missions to 2012 -
Netherlands, Finland, Romania 2013 - Laboratories
in Seibersdorf, Hungary
Convergence of Physical Protection and Cyber
Security
11
12
Training Activities
  • The request for awareness and advanced training
    by Member States continues to grow. This trend
    will only continue.
  • Primary Training Courses
  • Basic Information and Computer Security Awareness
  • Conducting Cyber Security Assessments
  • Advanced Course in Information and Computer
    Security
  • Professional Development Course for Nuclear
    Security Professionals

Projected
Training Events
Requests are currently in place for 2014 Estimate
a sustained 6-9 courses per year
12
13
2015 Cyber Security Conferences
IAEA International Conference on Cyber
Security Nuclear Security in a Computer World
Prevention, Detection and Resistance to Emerging
Cyber Threats
8-12 June 2015
13
14
Cyber Security Users Group
  • IAEAs information portal for cyber security
    https//nusec.iaea.org/portal/UserGroups/CyberSec
    urity/CyberSecurityOverview/tabid/503/Default.aspx

14
15
Questions
  • Thank you

15
Write a Comment
User Comments (0)
About PowerShow.com