A critical review of attack scenarios on the IAEA Technical Guidance NSS 17 Computer Security at Nuclear Facilities

摘要

Changed threat landscape that includes advanced persistent threats and collusion threats, together with advances in understanding recent highly sophisticated attacks on critical infrastructure systems highlight the importance of cybersecurity in nuclear facilities. This paper first reviews the examples of possible attack scenarios shown in the IAEA Technical Guidance Reference Manual on Computer Security at Nuclear Facilities, commonly referenced as IAEA NSS 17. The sample generic attack scenarios that are not specific to nuclear facilities are supplemented in this paper by a more complex attack that corresponds more closely to the post-Stuxnet era. A conventional attack tree modelling methodology is used to represent the attack scenario on industrial control systems. The modelling focusses on the vulnerabilities caused by the human component of the complex systems.