Enhancing Computer Security for Nuclear Safety and Security

Nuclear safety and nuclear security share the same objective and vision: to protect individuals, societies and the environment from the potential harmful effects of ionizing radiation. Though the activities that address nuclear safety and nuclear security are different, it is essential to establish a well-coordinated approach to managing their interface. It is important to ensure that relevant measures are implemented in a manner that capitalizes on opportunities that may be available for mutual enhancement — without compromising either safety or security.

It is well known that in nuclear and radiological facilities physical security systems and measures are necessary to protect equipment, systems and devices — typically intended to maintain nuclear safety — from a deliberate act of sabotage that could potentially lead to a release with radiological consequences. Typically, in older designs and applications, safety systems needed to be protected with only physical protection measures. However, the ubiquitous and ever-increasing technology trends of today are significantly increasing the role of the digital systems in the efficiency of operations at nuclear and radiological facilities, especially associated with those responsible for important facility functions, such as instrumentation and control systems, including those used both for safety and security.

The security of these systems requires stringent vigilance to identify vulnerabilities and deter unauthorized access to digital control systems that may result in compromised safety or security functions. In this regard, computer security is becoming increasingly important for the interplay between safety and security, and is being addressed as part of other key areas that include the regulatory infrastructure; engineering provisions in the design and construction of nuclear installations; controls on access to nuclear installations; the categorization of radioactive sources; the management of radioactive sources and radioactive material, including spent fuel and radioactive waste products; the detection and recovery of uncontrolled sources; and emergency response and contingency plans.

At a national level, policymakers need to consider nuclear security and nuclear safety together when preparing the regulations on computer security. Clear allocation of responsibilities, leadership and risk management are the foundations of the safety and security interface and are equally important for the implementation of effective computer security measures. At the same time, computer security is intrinsically a global challenge.

In this context, the importance of international cooperation and the central role of the IAEA are widely recognized. The interface between nuclear safety and nuclear security is highlighted in IAEA safety standards and nuclear security guidance. For about a decade now, the IAEA has been developing and offering countries a comprehensive suite of assistance in the technical area of information and computer security, supporting them in taking effective measures against cyberattacks that could potentially impact nuclear security. In addition, the IAEA provides support in establishing synergies between nuclear safety and nuclear security systems and measures to ensure that actions taken in the two fields complement rather than compromise each other.

Looking ahead, technological advancements will further increase the importance of robust computer security for nuclear safety and security at the State and facility levels. Rapidly evolving technologies such as artificial intelligence are promising in terms of solving some problems and improving digitally controlled operations. At the same time, they present new challenges that need to be addressed. Similarly, wireless and automation technologies are being considered and used today in advanced nuclear reactor designs such as small modular reactors and microreactors. As cyberthreats are constantly and rapidly evolving, IAEA support for Member States’ needs for enhancing computer security for nuclear safety and security requires agility to keep abreast of all the new opportunities and challenges of these novel technologies in order to provide the most efficient standards, best practices, training and guidelines. This is what the IAEA Department of Nuclear Safety continuously strives for.