Cyber security inspectors from the Office for Nuclear Regulation (ONR) made key contributions to last week’s International Atomic Energy Agency (IAEA) conference on computer security in the nuclear world.
CyberCon23 was a week-long discussion about the need for effective security measures to protect against cyber-attacks on facilities handling nuclear or other radioactive material in an increasingly digitised world.
Paul Shanes, Warren Cain, Kirstin Sands and Gareth Carrigan, from ONR, participated in the event in Vienna, which provided Member States with a forum to discuss the evolving nature of computer security in the nuclear field.
This included mitigation capabilities and related tools, as the vulnerability of sensitive information from theft and/or manipulation, and also the vulnerabilities of computer systems to cyber-attacks, is widely recognised.
Paul chaired a series of presentations and debates on state-level strategy and regulatory approaches for cyber security and contributed to related discussions held via the IAEA’s podcast ‘Nuclear Matters’ while Warren spoke about our journey towards outcome-focused regulation within the UK civil nuclear security sector and the benefits which this approach provides dutyholders.
ONR also delivered a session on intelligence-led cyber kill chain-designed assurance and achieving cyber security outcomes through computer assurance activities.
CyberCon23 featured participants from 94 countries and seven international organisations, with Director General Rafael Mariano Grossi welcoming more than 500 worldwide participants during an introductory video message.
Also as part of the conference, ONR’s Gareth Carrigan gave his expertise within a discussion about cyber security implications for nuclear material transportation and Kirstin Sands spoke of the benefits and importance of attracting and retaining younger generations to cyber security careers within the nuclear industry.
At the opening session, participants witnessed a fictitious cyber-attack through a series of videos depicting an attack on an imaginary facility.
The narrated scenario highlighted the importance of protecting digital systems, such as instrument and control systems, that are used for key safety and security applications.
Paul Shanes, ONR’s Professional Lead for Cyber Security, said: “During the week, participants heard from industry leaders about the threats facing critical national infrastructure, and through a series of interactive discussions, demonstrations and pre-prepared case studies were able to share their experiences, expertise and insight in order to drive improvements and increase maturity in this ever-evolving field.”