The IAEA recently issued its first implementing guide to comprehensively address computer security – Nuclear Security Series (NSS) No. 42-G Computer Security for Nuclear Security – to support experts worldwide in implementing computer security measures to strengthen their national nuclear security regimes.
“This guide will support Member States in strengthening computer security in their national nuclear security regimes, ensuring the benefits of digital technology can be embraced without weakening the regime and the capacity to protect, detect and respond to cyber threats,” said Elena Buglova, Director of the IAEA Division of Nuclear Security.
Computer-based systems play an essential role in all aspects of our lives, and this is no different when it comes to nuclear and related activities. These systems are used in a variety of ways in the nuclear industry to support the effective, safe and secure operation of facilities and activities engaged in using, storing and transporting nuclear and other radioactive materials.
Because of this key role, these digital systems can be an attractive target for terrorists and saboteurs. They could aim to exploit the potential vulnerabilities of a facility’s digital systems, which could lead to unauthorized access, disruption of operations, and even the sabotage of facilities or the theft of nuclear or other radioactive materials.
“Ensuring that these systems are secured against such acts, protects facilities from cyber-attacks and sabotage and bolsters other areas of the nuclear security by keeping, for example, physical protection and detection systems operational,” said Buglova.
The new publication highlights the need for and provides guidance on how to implement computer security as an integral component of a national nuclear security regime. The guidance supports the development and implementation of an integrated national strategy, regulatory approach, and adherent computer security programmes designed to protect computer-based systems, the compromise of which could adversely affect nuclear security or nuclear safety.
This guidance publication, as with all in the NSS, is produced by the IAEA in cooperation with Member States. Other publications in the NSS that touch upon computer security for nuclear security are NSS No. 17-T (Rev. 1) Technical Guidance on Computer Security at Nuclear Facilities, published in September 2021, and NSS No. 33-T Technical Guidance on Computer Security of Instrumentation and Control Systems at Nuclear Facilities.
Further information on computer security can be found here, and IAEA e-Learning modules on the topic can be accessed here.