1 / 13

Integrated Protection for Nuclear Facilities: Physical, Cyber and Information Protection

Integrated Protection for Nuclear Facilities: Physical, Cyber and Information Protection. Chris Price. INTEGRATION. The physical protection system of a nuclear facility should be integrated and effective against both sabotage and unauthorised removal

kenny
Download Presentation

Integrated Protection for Nuclear Facilities: Physical, Cyber and Information Protection

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Integrated Protection for Nuclear Facilities: Physical, Cyber and Information Protection Chris Price

  2. INTEGRATION The physical protection system of a nuclear facility should be integrated and effective against both sabotage and unauthorised removal Appropriate physical protection measures should be designed based on the more stringent applicable requirements and implemented for both in an integrated manner INFCIRC/225/Rev.5, paragraphs 4.9 and 5.3

  3. RISK THREAT + VULNERABILITY + CONSEQUENCES

  4. THREAT Intention + Capability Threat Assessment: Of Unauthorised Removal and Sabotage Assisted by Unauthorised Access to Sensitive Information and Cyber Attack Carried out by External Attackers and Insiders

  5. DESIGN BASIS THREAT • Group Size • Equipment • Capability • Tactics • Attack methodology

  6. TARGET IDENTIFICATION AND POTENTIAL CONSEQUENCES (1) Unauthorised Removal of Nuclear and other Radioactive Material Nuclear Material Accountancy Register of Radioactive Sources Categorisation Tables

  7. TARGET IDENTIFICATION AND POTENTIAL CONSEQUENCES (2) Sabotage of Nuclear and Other Radioactive Material/Facilities Define Unacceptable Radiological Consequences (URC) using Graded Approach Determine whether Radioactive Inventory has potential to result in URC Identify material, equipment, systems and devices

  8. TARGET IDENTIFICATION AND POTENTIAL CONSEQUENCES (3) Unauthorised Access to Sensitive Information/Cyber Attack Sensitive Information – Classification Policy Information and Communications Technology (ICT) Systems/Instrument and Control (IC) Systems – Loss of Confidentiality, Integrity and Availability Impact on Security and Safety Systems

  9. VULNERABILITY ASSESSMENT (1) Unauthorised Removal of Category I Nuclear Material + Sabotage of High Consequence Material/Systems – Against DBT

  10. VULNERABILITY ASSESSMENT (2) Unauthorised Removal of other material + Sabotage of other material/systems + Compromise of Sensitive Information and ICT/IC Systems - Against DBT or Threat Assessment Physical Protection design Objectives and/or Levels of Protection Detect DBT

  11. SECURITY PLAN Integrated set of technical and organisational measures Utilising Defence in Depth To protect against attack Including predefined response actions To effectively counter attempted unauthorised removal or sabotage

  12. INTEGRATED MEASURES Physical measures – access control, alarm monitoring etc Security Culture – training and education Personnel Security measures Investigation of Security Events – impact assessment Sustainability – testing, change management Exercises

  13. CONCLUSIONS Physical Protection is a “Package” Attackers exploit vulnerabilities All Fundamental Principles in the CPPNM apply equally to Information/Cyber Security

More Related