IAEA Coordinated Research Project on Enhancing Incident Response at Nuclear Facilities

摘要

In June 2016, the IAEA commenced a new coordinated research project (CRP) J02008 titledEnhancing Computer Security Incident Response at Nuclear Facilities. The objective of this CRPis to conduct activities which support improved computer security capabilities at nuclear facilitiesto support the prevention and detection of, and response to, computer security incidents that havethe potential to either directly or indirectly adversely affect nuclear safety and nuclear security.This CRP provides the opportunity to participate in four activities to enhance computer securityincident analysis and response: (1) Operator support for computer security incident recognitionand response; (2) Analysis and technology support for computer security incident response; (3)Computer security Information Exchange; and (4) Cyber Crime Investigation.To achieve these aims, 17 institutes from 13 countries began to conduct research and developmenton design and construction of research environments that reflect and perform like nuclear facilitiesand/or their I&C systems.The oversight and coordination of the project led to the definition of three roles: (1)Facility/System Builders; (2) Threat Modellers; and (3) Capability Providing Organizations.Facility/System Builders are organizations that are intending to build mock-ups of nuclear systemsas part of their research. The current completed efforts are the first release of a model/simulatorthat can simulate the impact of cyber attacks on a hypothetical facility. The model/simulator canalso be used with compatible hardware in the loop systems.Threat Modellers are organizations that are developing Design Basis Threat (DBT), Scenarios, andThreat Tactics, Techniques and Procedures (TTP). The objective of these organizations is to buildupon existing threat models and information exchange to establish a possible threat modelapplicable to nuclear security.Capability Providing Organizations are organizations that can provide specific capabilities toothers in the CRP that stem from their background expertise and/or the research they will beconducting in the CRP, e.g., on vulnerability assessment, security controls assessment, policies.These organizations will be using IEC cyber security standards as a common basis on which topostulate, design, and implement computer security measures with respect to incident response.This paper will provide a summary of the research approaches and the results of the CRP J02008,and preview the final results expected by the end of 2019.