Computer Security for Nuclear Security : Implementing Guide.

Format:

Book

Author/Creator:

IAEA.

Series:

IAEA Nuclear Security

IAEA Nuclear Security ; v.42-G

Language:

English

Subjects (All):

Computer networks--Security measures.

Computer security.

Physical Description:

1 online resource (81 pages)

Edition:

1st ed.

Place of Publication:

Havertown : International Atomic Energy Agency, 2021.

Summary:

This publication provides detailed guidance on developing, implementing, and integrating computer security as a key component of nuclear security. This guidance applies to computer security aspects of nuclear security and its interfaces with nuclear safety and with other elements of a State's nuclear security regime, including the security of nuclear material and nuclear facilities, of radioactive material and associated facilities, and of nuclear and other radioactive material outside of regulatory control. The scope of this publication includes: computer-based systems, the compromise of which could adversely affect nuclear security or nuclear safety; the State's and relevant entities roles and responsibilities in relation to computer security in the nuclear security regime; the activities of the State in establishing and implementing a computer security strategy for nuclear security; the elements and measures for subordinate computer security programmes; and the activities to sustain the strategy.

Contents:

Intro

1. INTRODUCTION

Background

Objective

Scope

Structure

2. CONCEPTS AND CONTEXT

Key terminology

Identification of sensitive digital assets

Cyber-attack

Computer security across nuclear security

Nuclear material and nuclear facilities

Radioactive material and associated facilities

Nuclear and other radioactive material out of regulatory control

Threats, vulnerabilities and computer security measures

Threats

Vulnerabilities

A graded approach and defence in depth for computer security

Computer security responsibilities within a nuclear security regime

Computer security competences and capabilities

3. ROLES AND RESPONSIBILITIES OF THE STATE

Legislative and regulatory considerations

Competent authority for computer security in the nuclear security regime

Interfaces with other domains

Nuclear safety

Physical protection

Information technology and operational technology functions

Intelligence organizations

Response organizations

International assistance and cooperation (including information exchange)

4. ROLES AND RESPONSIBILITIES OF COMPETENT AUTHORITIES AND OPERATORS

Working with vendors, contractors and suppliers

Competent authority for computer security

Prescriptive approach

Performance based approach

Combined approach

Regulatory body

5. ESTABLISHING THE COMPUTER SECURITY STRATEGY

Computer security strategy for the nuclear security regime

Assessment of cyberthreat to the nuclear security regime

Assigning a competent authority for cyberthreat assessment

Assessment of the impact arising from mal-operation of SDAs

Risk assessment method to determine computer security measures

6. IMPLEMENTING THE COMPUTER SECURITY STRATEGY

Assignment of computer security responsibilities.

Relationships between competent authorities and operators

Responding to computer security incidents

Exercises

Assurance activities

Security qualification of parts and services

International cooperation and assistance

7. DEVELOPING A COMPUTER SECURITY PROGRAMME

Contents of a computer security programme

Organizational level risk assessment

Computer security measures

A graded approach for determining computer security measures

Design of computer security measures

Defence in depth for computer security measures

Management of vendors, contractors and suppliers

8. SUSTAINING COMPUTER SECURITY

Security culture

Training

Contingency plans and response

Computer security assurance activities

Appendix NUCLEAR SAFETY INTERFACE CONSIDERATIONS FOR COMPUTER SECURITY AT FACILITIES

REFERENCES

Annex I SUGGESTED RECOMMENDATIONS LEVEL GUIDANCE ON COMPUTER SECURITY FOR A NATIONAL NUCLEAR SECURITY REGIME

Annex II CYBERTHREAT PROFILES

Annex III ASSIGNMENT OF COMPUTER SECURITY RESPONSIBILITIES

Annex IV EXAMPLE FRAMEWORK OF COMPUTER SECURITY COMPETENCES AND LEVELS OF CAPABILITY

GLOSSARY.

Notes:

Description based on publisher supplied metadata and other sources.

ISBN:

9789201213204

9201213204

OCLC:

1323253731