Health and Safety Executive

Integrated Protection for Nuclear Facilities: Physical, Cyber and Information Protection
Chris Price

INTEGRATION
• The physical protection system of a nuclear facility should be integrated and effective against both sabotage and unauthorised removal
• Appropriate physical protection measures should be designed based on the more stringent applicable requirements and implemented for both in an integrated manner
(INFCIRC/225/Rev.5, paragraphs 4.9 and 5.3)

RISK
• RISK = THREAT + VULNERABILITY + CONSEQUENCES

THREAT
• THREAT = Intention + Capability

THREAT ASSESSMENT
• Of unauthorised removal and sabotage
• Assisted by unauthorised access to sensitive information and cyber attack
• Carried out by external attackers and insiders

DESIGN BASIS THREAT
• Group size
• Equipment
• Capability
• Tactics
• Attack methodology

TARGET IDENTIFICATION AND POTENTIAL CONSEQUENCES (1)
Unauthorised Removal of Nuclear and other Radioactive Material
• Nuclear Material Accountancy
• Register of Radioactive Sources
• Categorisation Tables

TARGET IDENTIFICATION AND POTENTIAL CONSEQUENCES (2)
Sabotage of Nuclear and Other Radioactive Material/Facilities
• Define Unacceptable Radiological Consequences (URC) using a Graded Approach
• Determine whether the Radioactive Inventory has the potential to result in URC
• Identify material, equipment, systems and devices

TARGET IDENTIFICATION AND POTENTIAL CONSEQUENCES (3)
Unauthorised Access to Sensitive Information/Cyber Attack
• Sensitive Information – Classification Policy
• Information and Communications Technology (ICT) Systems/Instrument and Control (IC) Systems – Loss of Confidentiality, Integrity and Availability
• Impact on Security and Safety Systems

VULNERABILITY ASSESSMENT (1)
• Unauthorised Removal of Category I Nuclear Material
• + Sabotage of High Consequence Material/Systems
• – Against DBT

VULNERABILITY ASSESSMENT (2)
• Unauthorised Removal of other material
• + Sabotage of other material/systems
• + Compromise of Sensitive Information and ICT/IC Systems
• Against DBT or Threat Assessment

PHYSICAL PROTECTION DESIGN
• Objectives and/or Levels of Protection
• Detect DBT

SECURITY PLAN
• Integrated set of technical and organisational measures
• Utilising Defence in Depth
• To protect against attack
• Including predefined response actions
• To effectively counter attempted unauthorised removal or sabotage

INTEGRATED MEASURES
• Physical measures – access control, alarm monitoring etc.
• Security Culture – training and education
• Personnel Security measures
• Investigation of Security Events – impact assessment
• Sustainability – testing, change management
• Exercises

CONCLUSIONS
• Physical Protection is a “Package”
• Attackers exploit vulnerabilities
• All Fundamental Principles in the CPPNM apply equally to Information/Cyber Security