IAEA offers training on preventing cyber-attacks

24 October 2018

A new training course on protecting nuclear facilities against cyber-attacks has been launched by the International Atomic Energy Agency (IAEA).

Instructors and participants at the first IAEA course on cyber security (Image: INL)

Developed with the US Department of Energy's (DOE's) National Nuclear Security Administration and hosted by the Idaho National Laboratory (INL), the inaugural course - Protecting Computer-Based Systems in Nuclear Security Regimes - was held earlier this month.

The two-week course was attended by 37 participants from 13 countries and offered training on best practices in computer security. Participants were able to test their skills on mock-ups of state-of-the-art digital systems common in nuclear facilities, which use digital technologies to provide functions that support safe operations, security, material accountancy and control, and protection of sensitive information.

In developing the course, cybersecurity experts from the IAEA and the DOE National Laboratories - Idaho National laboratory, Pacific Northwest National Laboratory and Los Alamos National Laboratory - designed a learning environment that replicated equipment typically found in a nuclear facility.

"Everyone with responsibility for nuclear security must have a thorough understanding of the vulnerabilities of their systems - they must know how to prevent and mitigate possible cyber-attacks on those systems," said Raja Adnan, director of the IAEA's Division of Nuclear Security. "The IAEA offers a range of training courses in computer security to help ensure that governments and organistions have the necessary technical, regulatory and other tools to succeed when faced with highly skilled adversaries."

The IAEA commissioned the Austrian Institute of Technology to develop a special, virtual IT training and simulation platform that simulates extremely sensitive industrial control systems. This so-called Cyber Range allows new technologies, tools and processes designed to defend against cyber threats to be simulated, tested and trained in a realistic environment, and has been developed in response to the increasing digitalisation and networking of industrial control systems for nuclear power plants.

The attack on Iran's nuclear facilities with the Stuxnet malware in 2010 illustrated that nuclear facilities are the target of cyber-attacks and that these attacks can lead to physical damage.

Researched and written by World Nuclear News