Webinar 1: Building Awareness and Advancing Research in Computer Security for Nuclear Security
This NucSecCyber Webinar was held on January 20, 2021 (Wed) at 14:00 Vienna time (UTC+01:00)
Computer Security for Nuclear Security is a global concern. To promote participation and collaboration of leading international research organizations in this field, the IAEA brought together 17 institutions from 13 countries to address research challenges that improve computer security capabilities at nuclear facilities.
The Coordinated Research Project (CRP) “Enhancing Computer Security Incident Analysis at Nuclear Facilities” has produced innovative approaches and toolsets that will be available to all Member States on request.
In this webinar, researchers that collaborated in the CRP will present an overview of the project’s core findings and advancements that will support Member States’ awareness activities and research initiatives in computer security for nuclear facilities. These include the development of simulation tools, anomaly-based intrusion detection techniques and cyber-attack scenarios that have been supporting research, training and academic studies in many countries.
Speakers:
- Paul Smith
- Ricardo Paulino Marques
- Fan Zhang
Webinar 2: Delivery of Immersive Simulated Environments for Research, Training, and Exercises
This NucSecCyber Webinar was held on February 17, 2021 (Wed) at 14:00 Vienna time (UTC+01:00)
Nuclear Power Plants (NPPs) are among the most complex energy systems ever built and their design and operation increasingly relies on a myriad of computer-based systems. Therefore, computer security for nuclear security is a critical concern that requires research attention. To enable this research, participants in the Coordinated Research Project (CRP) “Enhancing Computer Security Incident Analysis at Nuclear Facilities” developed testbeds that are representative of NPP environments. These activities were centered on a hypothetical and technology-neutral Pressurized Water Reactor (PWR) facility, called Asherah, which was defined based on several existing NPP designs.
To be able to examine the facility impacts of cyber-attacks to nuclear facilities, one of the major CRP products is the Asherah NPP Simulator (ANS) that was specifically designed for cyber security research and training with software- and hardware-in-the-loop capabilities. ANS also allows, for example, the investigation of threat scenarios, measuring the effectiveness of defensive computer security measures, and the assessment of the facility impact of a system being compromised.
In this webinar, researchers will present the main simulation tools and testbeds that have been developed by the CRP team to support the IAEA and Member States’ immersive research and training activities in computer security for nuclear facilities.
Speakers:
- Deeksha Gupta
- Ricardo Paulino Marques
- Jae-gu Song
Webinar 3: Generation of Threat Scenarios with Operational Consequences for Nuclear Facilities
This NucSecCyber Webinar was held on March 17, 2021 (Wed) at 14:00 Vienna time (UTC+01:00)
The effective application of computer security measures in nuclear facilities depends on an understanding of threats and vulnerabilities. Moreover, evaluating the effectiveness of measures depends on realistic threat scenarios.
To support the evaluation of their research findings, participants in the Coordinated Research Project (CRP) “Enhancing Computer Security Incident Analysis at Nuclear Facilities” explored the generation of cyber-threat scenarios, including specific techniques, which could lead to the compromise of computer-based systems in nuclear facilities. The techniques and tools that were used to develop these scenarios can be used by practitioners in Member States to generate threat scenarios, for various purposes, including computer security assessment and exercise scenario generation.
The studies carried out in the CRP analyzed information about the capabilities, opportunities and intent of adversaries that could target nuclear facilities, resulting in the generation of open-source descriptions of tactics, techniques, and procedures that are associated with computer-based systems at nuclear facilities.
In this webinar, researchers will present results of CRP activities that are related to the identification of threats and vulnerabilities, which are faced by the nuclear industry, as well as the generation of cyber-threat scenarios that are designed to evaluate computer security measures.
peakers:
-
Christopher Spirito
- Paul Smith
-
Jakub Suchorab
-
Krystian Szefler
-
Robert Altschaffel
-
Kevin Lamshöft
-
Jackson Wynn
Webinar 4: Tailoring Computer Security Detection Techniques to Nuclear Facilities
This NucSecCyber Webinar will be held on April 21, 2021 (Wed) at 14:00 Vienna time (UTC+01:00)
Adversaries are becoming more sophisticated and their cyber capabilities present increasing challenges in detecting intrusions. Intrusions can be defined as an unauthorized event that could be a threat to the confidentiality, integrity or availability of information and systems. Therefore, the Coordinated Research Project (CRP) “Enhancing Computer Security Incident Analysis at Nuclear Facilities” investigated the development of several tools and techniques that can be used to detect adversarial behaviour at nuclear facilities.
The results of this CRP help the identification of any significant deviation from the network traffic and process baselines, which can be interpreted as an intrusion, and provide an overview of intrusions detection systems that may be effective means of detecting advanced and persistent threats intent on compromising.
In this webinar, researchers will present the results of CRP activities related to new means of detecting computer security threats, developed using machine learning, statistical-based or knowledge-based methods, and tested using a simulation of a hypothetical nuclear facility.
Speakers:
-
Fan Zhang
-
David Allison
-
Wen SI