
Webinar 1: Nuclear Security and Information and Computer Security (I&CS)

Nuclear security seeks to prevent, detect and respond to criminal and intentional unauthorized acts involving or directed at nuclear and other radioactive material, associated facilities and associated activities. Nuclear security of nuclear material and nuclear facilities includes physical protection, personnel-related security (e.g. trustworthiness determination and measures against insider threats), and information and computer security.

Cyber-attacks at nuclear facilities may contribute to causing physical damage to the facility and/or disabling its security or safety systems (i.e. sabotage), to obtaining unauthorized access to sensitive nuclear information, or to the unauthorized removal of nuclear material. A programmatic approach to information and computer security is therefore vital at nuclear facilities to protect both nuclear security and nuclear safety.

Webinar 2: Operational Technology and Physical Protection Systems

This presentation is about Operational Technology (OT) and how digital technology has introduced risk that must be addressed. It defines Operational Technology and reviews the basic components of an OT system, including key OT assets such as the programmable logic controller. It then covers the differences between Information Technology and Operational Technology, how the nuclear industry uses OT, the vulnerabilities that exist within digital OT, and finally the mitigations that can be applied to help defend and protect against cyber-attacks.

Webinar 3: Nuclear Security Threats to I&CS

Understanding the threat actor, and specifically their associated capabilities and attributes, is a critical success factor in developing appropriate cybersecurity countermeasures. Instrumentation and Control (I&C) systems are desirable targets because their compromise or ‘maloperation’ can result in kinetic and highly undesirable consequences. By learning how the threat actor develops and executes attacks, and how they develop the techniques, tactics and procedures to execute a cyber campaign, defenders can make better-informed decisions about how their critical operational technology can be protected. This course is designed to introduce the student to the modern threat actor (using cyber methods to target and attack critical nuclear systems) and empower the student to ‘think like an attacker’ to help create effective risk reduction strategies. The course will introduce the student to how attackers can be categorized based on their attributes (techniques, tactics, procedures), how an adversary uses cyber in developing their attack plan, how use cases and ‘kill chains’ can be used by the defender to model how a threat actor will attack, and how the defender can use intelligence to proactively develop and deploy countermeasures to mitigate the cyber risk.

Webinar 4: Legislative and Regulatory Frameworks

This webinar will discuss how Member States can use computer security legislation and regulation to deliver computer security in a nuclear security regime. The presentation will outline a State’s organisational structure, with the roles and responsibilities needed to meet computer security requirements, and the relationships between the different organisations (competent authorities, owners and operators, nuclear facilities, and third-party suppliers) and their roles and responsibilities in building Computer Security Programmes. Each organisation has a responsibility for computer security, and this presentation will discuss different approaches to collectively building computer security into a State’s nuclear security regime.

Webinar 5: Functions and Security Levels

A fundamental concept in nuclear security is the Graded Approach, which for computer security means applying resources in proportion to the consequences of a successful cyber-attack. This webinar will explain how Facility Functions and Security Levels can be used to deliver a Graded Approach to computer security, using practical examples to illustrate these key concepts. The next webinar in this series (on August 25, 2020) will build on this to explain the associated concepts of zones and systems.

Webinar 6: Zones and the Defensive Computer Security Architecture

This webinar focuses on a defensive computer security architecture and security zones for protecting critical functions, including the computer-based systems that need to be protected from compromise and/or failure because of the consequences that would result. It discusses arranging computer-based systems according to their security requirements (security levels) and using security zones to provide the security controls that protect those critical functions from compromise and/or failure.

Webinar 7: Technical Vulnerability Management

Vulnerabilities provide opportunities for threat actors (adversaries) to compromise the confidentiality, integrity or availability of mission-critical systems. These vulnerabilities, when exploited, allow the adversary to complete activities within their attack campaign and/or accomplish their goal. Vulnerabilities exist within critical information infrastructures at many levels including information, assets, networks, applications and devices as well as within the operational and procedural elements specific to personnel. The identification and management of cyber vulnerability is critical to an organization’s risk management process since it allows them to identify, analyse and prioritize specific areas of weakness that can be used by an adversary to target and attack mission-critical systems. In this course the student will be introduced to the broad range of vulnerabilities that can exist within an organization, learn how those vulnerabilities contribute to cyber risk and how to evaluate, prioritize and mitigate those vulnerabilities. Students will learn how seemingly disparate and unrelated vulnerabilities can contribute to the adversary attack plan and how the identification, management and mitigation of those vulnerabilities can greatly improve the organizational cyber risk profile.