1 / 18

Computer Security in the Nuclear Industry

Computer Security in the Nuclear Industry. TÚRI Tamás Project Manager, Paks NPP. Pieceful use of nuclear energy. Global Nuclear Power. 436 reactors in operation (370 GW e ) 5 reactors in long-term shutdown 62 reactors under construction As of December 2011.

wilda
Download Presentation

Computer Security in the Nuclear Industry

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. Computer Security in the Nuclear Industry TÚRI Tamás Project Manager, Paks NPP

  2. Pieceful use of nuclear energy

  3. Global Nuclear Power 436 reactors in operation (370 GWe) 5 reactors in long-term shutdown 62 reactors under construction As of December 2011

  4. Age of operating reactors 50% 75% Number of reactors Age (as of July 2012)

  5. Digital process control Most of the Units were designed more than 30 years ago The nuclear industry is conservative Use of computers in process control was rare Recently designed Nuclear Units have digital process control and even digital safety systems Reconstruction projects in I&C systems install digital systems Nuclear safety was the No1 goal and the requirements reflected to that

  6. Many languages have the same word for safety and security Safety: The achievement of proper operating conditions, prevention of accidents or mitigation of accidentconsequences, resulting in protection of workers, the public and the environment from undueradiationHazards. Security: The prevention and detection of, and response to, theft, sabotage, unauthorized access, illegal transfer orother malicious acts involving nuclear material, other radioactive substances or theirassociated facilities. (IAEA Safety Glossary)

  7. Safety measures • Measures already implemented, in digital I&C systems for safety reasons have cyber security benefit as well • Redundancy • Diversity • Separation • Defense in depth • A set of comprehensive requirements for computer security was missing in the past decades

  8. Nuclear safety and nuclear security • Significant safety events like TMI, Chernobyl or Fukushima initiate new safety measures and significant security events do the same. • Up to the last few years security covered only the physical, personnel and information security but not the computer security • Nuclear Industry started to deal with computer security in a systematic way only after September 11 • The very recent malicious computer codes (Stuxnet, Duqu, Flame, Gauss) accelerated this process

  9. Trust and openness We have a good practice to share openly the information about safety events and investigation reports to learn the lesson (Forum of IAEA and WANO) We do not have any practice to share the information about computer security events (Only a few events are published)

  10. International activities

  11. The only IAEA document on the subject

  12. IAEA services supporting safety and security

  13. Methodology for ICSAS missions

  14. Scope of ICSAS missions

  15. Block diagram of a typical I&C function Nuclear regulator Disaster management Engineering offices Grid operator Isolated Each of these individual components is a potential vulnerable point The challenge is that these components were not necessarily designed with computer security as consideration.

  16. Exporting information Data Diode • No need for fast data transfer, delay is tolerated for 10s of seconds • No need to send back even a single bit • Reliability can be increased by telegram repetition and application of redundancy • Monitoring can be solved by counting telegrams and watching for missing ones

  17. Importing information • Only a few (less then 10) signals are needed • Set point for the electric power regulator • Set point for the reactive power regulator • Manual approval is provided for the operator

  18. Thanks for your attention!

More Related