Research Article
CONDUCTING CYBERSECURITY REGULATORY INSPECTIONS AT NUCLEAR FACILITIES
|
International Journal of Computer Applications
Foundation of Computer Science (FCS), NY, USA
|
| Volume 186 - Issue 12 |
| Published: March 2024 |
| Authors: Samo Tomažič, Trent Nelson, Tadej Šeruga |
10.5120/ijca2024923510
|
Samo Tomažič, Trent Nelson, Tadej Šeruga . CONDUCTING CYBERSECURITY REGULATORY INSPECTIONS AT NUCLEAR FACILITIES. International Journal of Computer Applications. 186, 12 (March 2024), 17-24. DOI=10.5120/ijca2024923510
@article{ 10.5120/ijca2024923510,
author = { Samo Tomažič,Trent Nelson,Tadej Šeruga },
title = { CONDUCTING CYBERSECURITY REGULATORY INSPECTIONS AT NUCLEAR FACILITIES },
journal = { International Journal of Computer Applications },
year = { 2024 },
volume = { 186 },
number = { 12 },
pages = { 17-24 },
doi = { 10.5120/ijca2024923510 },
publisher = { Foundation of Computer Science (FCS), NY, USA }
}
%0 Journal Article
%D 2024
%A Samo Tomažič
%A Trent Nelson
%A Tadej Šeruga
%T CONDUCTING CYBERSECURITY REGULATORY INSPECTIONS AT NUCLEAR FACILITIES%T
%J International Journal of Computer Applications
%V 186
%N 12
%P 17-24
%R 10.5120/ijca2024923510
%I Foundation of Computer Science (FCS), NY, USA
Abstract
The research paper delves into the domain of conducting cybersecurity inspections at nuclear facilities, addressing the escalating need for high protection in an era of digitalization of safety, security and emergency preparedness systems at nuclear facilities, and increasing internal and external cyber threats. Nuclear facilities stand as prime targets due to their potential catastrophic consequences if their functions were compromised. Drawing on national legislations, industry standards, best practices, and test inspection, this paper outlines a structured inspection methodology tailored to nuclear facilities for cybersecurity. This methodology encompasses an inspection guide which includes three inspection techniques (document review, interviews, and direct observations), seven key cybersecurity regulation elements (cybersecurity program, identification of functions, systems and critical digital assets, risk management, protection of a system function, change management, supply chain, incident response) and their control objectives, and applicable international guides to be used to conduct the inspection. In conclusion, the paper underscores that effective cybersecurity inspections in nuclear facilities are paramount to national and global security.
References
- Samo Tomažič and Igor Bernik, ‘Cyberattack Response Model for the Nuclear Regulator in Slovenia’, 2019, doi: 10.3217/JUCS-025-11-1437.
- J. A. Bullock, G. D. Haddow, and D. P. Coppola, ‘Cybersecurity and critical infrastructure protection’, in Introduction to Homeland Security, Elsevier, 2021, pp. 425–497. doi: 10.1016/B978-0-12-817137-0.00008-0.
- [International Atomic Energy Agency, Nuclear security recommendations on physical protection of nuclear material and nuclear facilities: INFCIRC/225/Revision 5. in IAEA nuclear security series Recommendations, no. 13. Vienna: International Atomic Energy Agency, 2011. [Online]. Available: https://www-pub.iaea.org/MTCD/Publications/PDF/Pub1481_web.pdf
- SI-CERT, ‘SI-CERT (Slovenian Computer Emergency Response Team): Annual Report (2022)’, Slovenian Computer Emergency Response Team, Ljubljana, 2023. [Online]. Available: https://www.cert.si/wp-content/uploads/2023/06/Porocilo-o-kibernetski-varnosti_2022_web-1.pdf
- ‘Slovenian Nuclear Safety Administration: Rules on radiation and nuclear safety factors (2016)’. 2016. [Online]. Available: http://www.pisrs.si/Pis.web/pregledPredpisa?id=PRAV12796
- M. W. Sunseri, ‘PROPOSED DRAFT REGULATORY GUIDE 5.71, REVISION 1, “CYBER SECURITY PROGRAMS FOR NUCLEAR POWER REACTORS”’, Dec. 16, 2021. [Online]. Available: https://www.nrc.gov/docs/ML2134/ML21342A263.pdf
- IAEA, Conducting computer security assessments at nuclear facilities. Vienna: International Atomic Energy Agency, 2016. [Online]. Available: https://www-pub.iaea.org/MTCD/Publications/PDF/TDL006web.pdf
- IAEA, Computer Security for Nuclear Security. Vienna: IAEA, 2021. [Online]. Available: https://www-pub.iaea.org/MTCD/Publications/PDF/PUB1918_web.pdf
- A. Buzdugan and A. Buzdugan, ‘The Synergy Between Cyber and Nuclear Security. Case Study of Moldova’, in Functional Nanostructures and Sensors for CBRN Defence and Environmental Safety and Security, A. Sidorenko and H. Hahn, Eds., in NATO Science for Peace and Security Series C: Environmental Security. , Dordrecht: Springer Netherlands, 2020, pp. 223–231. doi: 10.1007/978-94-024-1909-2_16.
- Dr. Y. Perwej, S. Qamar Abbas, J. Pratap Dixit, Dr. N. Akhtar, and A. Kumar Jaiswal, ‘A Systematic Literature Review on the Cyber Security’, int.jour.sci.res.mana., vol. 9, no. 12, pp. 669–710, Dec. 2021, doi: 10.18535/ijsrm/v9i12.ec04.
- A. Ayodeji, M. Mohamed, L. Li, A. Di Buono, I. Pierce, and H. Ahmed, ‘Cyber security in the nuclear industry: A closer look at digital control systems, networks and human factors’, Progress in Nuclear Energy, vol. 161, p. 104738, Jul. 2023, doi: 10.1016/j.pnucene.2023.104738.
- I. Onyeji, M. Bazilian, and C. Bronk, ‘Cyber Security and Critical Energy Infrastructure’, The Electricity Journal, vol. 27, no. 2, pp. 52–60, Mar. 2014, doi: 10.1016/j.tej.2014.01.011.
- C. Baylon, R. Brunt, and D. Livingstone, Cyber security at civil nuclear facilities: understanding the risks. London: Chatham House, 2015.
- F. Zhang, ‘Nuclear power plant cybersecurity’, in Nuclear Power Plant Design and Analysis Codes, Elsevier, 2021, pp. 495–513. doi: 10.1016/B978-0-12-818190-4.00021-8.
- G. Boyne, P. Day, and R. Walker, ‘The Evaluation of Public Service Inspection: A Theoretical Framework’, Urban Studies, vol. 39, no. 7, pp. 1197–1212, Jun. 2002, doi: 10.1080/00420980220135563.
- I. Sirc and N. Ledinek, ‘2021 Annual Report on Radiation and Nuclear Safety in the Republic of Slovenia’, Slovenian Nuclear Safety Administration, Ljubljana, Jan. 2023. [Online]. Available: https://www.gov.si/assets/organi-v-sestavi/URSJV/Dokumenti/Letna-porocila/2021/URSJV_LP_ang_2021.docx
- IAEA, Developing Regulations and Associated Administrative Measures for Nuclear Security: Implementing Guide. Vienna: IAEA, 2018.
- G. Caruso, ‘Regulatory requirements and practices in nuclear power programmes’, in Infrastructure and Methodologies for the Justification of Nuclear Power Programmes, Elsevier, 2012, pp. 94–125. doi: 10.1533/9780857093776.1.94.
- National Institute of Standards and Technology, ‘Cybersecurity White Paper: EO Response’, 2022. doi: 10.6028/NIST.CSWP.02042022-2.
- IAEA Nuclear Safety and Security Glossary. in Non-serial Publications. Vienna: INTERNATIONAL ATOMIC ENERGY AGENCY, 2022. [Online]. Available: https://www.iaea.org/publications/15236/iaea-nuclear-safety-and-security-glossary
- C. Glantz et al., Cyber Security Self-Assessment Method for U.S. Nuclear Power Plants, NUREG/CR-6847, vol. 2004. 2004. [Online]. Available: https://adamswebsearch2.nrc.gov/webSearch2/main.jsp?AccessionNumber=ML15111A054
- G. P. Landine, C. S. Glantz, and G. A. Coles, ‘A PROVEN APPROACH FOR EFFECTIVE COMPUTER SECURITY SELF-ASSESSMENTS AT NUCLEAR FACILITIES’, Mar. 2020, [Online]. Available: https://www.osti.gov/biblio/1604145
- International Atomic Energy Agency, International Physical Protection Advisory Service (IPPAS) Guidelines. in IAEA services series. IAEA, 2014. [Online]. Available: https://books.google.si/books?id=s4feuQEACAAJ
- T. W. Edgar and D. O. Manz, Research Methods for Cyber Security. 2017, p. 404.
Index Terms
Keywords