CRP Success Story: Enhancing Computer Security Incident Analysis at Nuclear Facilities (J02008)

The CRP successfully developed, tested and adapted methodologies to enhance the analysis of computer security incidents within nuclear facilities.

The project was carried out by a network of research laboratories, academia and facility operators around the world, and successfully achieved its overarching objectives:  

• to improve computer security capabilities at nuclear facilities to support the prevention and detection of, and response to, computer security incidents that have the potential to either directly or indirectly adversely affect nuclear safety and nuclear security;
• to establish an international community of experts that will facilitate the exchange of good practices in the field of computer security incident response at nuclear facilities.

The development of the simulation system supports research into the consequences of compromise associated with actual control equipment. It also involved the development and evaluation of commensurate computer security measures, including artificial intelligence techniques applied to detect anomalies indicating targeted cyber-attacks.

Furthermore, experience with the anomaly detection techniques created within the CRP has supported the development of cyber-intrusion detection systems for use within a nuclear operational environment.

“Adversaries’ tactics, techniques, and procedures for cyber-attack evolve every day, therefore it is important to understand that at any time and everywhere, a compromise may be detected, including during early effects on the process,” said Fan Zhang, Assistant Professor at Georgia Tech in the United States of America. “The community involved in this CRP created a set of tools, including the Asherah simulator, that has enabled open research into this area. The tools are now available and continue to support our research and further efforts around the globe to enhance computer security incident analysis in nuclear facilities,” she added.

The released simulator, tools, guidance, and other outputs of CRP J02008 can be obtained, along with further topical resources, on the Information & Computer Security User Group on the IAEA’s Nuclear Security Information Portal.

An additional indication of the CRP’s success was that it generated 80 publications including papers published in peer reviewed journals. Further papers and additional research work utilising the CRP technologies are in the pipeline.  

The CRP was made possible through generous extrabudgetary contributions to the Nuclear Security Fund from Canada, the European Union and Republic of Korea.

With an eye to the future, the IAEA has embarked on activities to assist countries with the use of this project outputs, including a new CRP on Enhancing Computer Security for Radiation Detection Systems. The overall goal is to develop methodologies and techniques to further improve computer security of radiation detection equipment, associated computer-based systems, data communications protocols associated network infrastructure supporting the function of radiation detection systems.