CRP Success Story: Improved Computer Security Incident Analysis at Nuclear Facilities (J02008)

The CRP has successfully developed, tested and adapted methodologies to improve the analysis of computer security incidents within nuclear facilities.

The project was led by a network of research laboratories, universities and facility operators around the world, and successfully achieved its overriding objectives:

  • improving computer security capabilities in nuclear facilities to support the prevention and detection of, and response to, computer security incidents that could directly or indirectly affect nuclear safety and security;
  • creating an international community of experts that will facilitate the exchange of good practices in the field of response to computer security incidents in nuclear installations.

The development of the simulation system supports research into the consequences of compromise associated with real control equipment. It also involved the development and evaluation of suitable computer security measures, including artificial intelligence techniques applied to detect anomalies indicating targeted cyberattacks.

Additionally, experience with anomaly detection techniques created within the CRP has supported the development of cyber intrusion detection systems for use in a nuclear operational environment.

“Adversaries’ cyberattack tactics, techniques, and procedures are evolving daily, so it’s important to understand that anytime, anywhere, a compromise can be detected, including early process effects,” said Fan Zhang, Assistant Professor at Georgia Tech in the United States of America. “The community involved in this CRP has created a set of tools, including the Asherah simulator, which has enabled open research in this area. The tools are now available and continue to support our research and efforts around the world to improve the analysis of computer security incidents at nuclear facilities,” she added.

The published simulator, tools, guidance and other results of CRP J02008 can be obtained, together with other thematic resources, on the Information and Computer Security User Group on the IAEA Nuclear Security Information Portal.

A further indication of the success of the CRP is that it has generated 80 publications, including articles published in peer-reviewed journals. Additional papers and research using CRP technologies are in preparation.

The CRP was made possible by generous extrabudgetary contributions to the Nuclear Security Fund from Canada, the European Union and the Republic of Korea.

Looking to the future, the IAEA has initiated activities to help countries use the results of this project, including a new CRP on enhancing the computer security of radiation detection systems. The overall objective is to develop methodologies and techniques to further improve the computer security of radiation detection equipment, associated computer systems, and data communication protocols associated with the network infrastructure supporting the function of radiation detection systems.