Technical Meeting on
Engineering and Design Aspects of
Computer Security for
Instrumentation and Control Systems at
Nuclear Power Plants
Hosted by the
Government of Germany
through the
Institute for Safety Technology (ISTec)
Garching, Germany
3–5 September 2014
Ref. No: 621-I2-TM-47145
Information Sheet
Background
Historically, computer security has not been given significant consideration in the design of
instrumentation and control (I&C) systems at nuclear power plants (NPPs) because these systems have
traditionally been invulnerable to cyberattacks due to rigid (i.e. hardwired or analogue)
implementation, segregation, independence, redundancy and diversity, as well as a general absence of
interactive communications (especially with external networks). However, the transition to digital
technology has changed the nature of these systems by enabling extensive interconnection of
reprogrammable, functionally interdependent I&C systems. This development — especially in the
Page 2
light of recent cyberattacks such as the Stuxnet virus — has made computer security a necessary
element for consideration in I&C system design. Malicious attacks on these systems could have
serious effects on plant safety, which in turn could lead to severe and unacceptable consequences.
Also, particularly in countries where nuclear power represents a significant part of electricity
production, the availability and performance of NPPs can be of vital economic and societal interest.
In addition to the digital implementation itself, the design process consists of life cycle phases in
which vulnerabilities can exist, e.g. through the compromise of design or testing tools. Defensive
design measures that have been developed to ensure deterministic performance and reliable
functionality can be adapted to also address prevention or mitigation of cyberthreats. Thus, computer
security must be explicitly considered as part of the system design and also through provisions and
protections established for the design and development process.
The International Atomic Energy Agency (IAEA) has been active in the field of digital system
reliability and computer security for a long time in order to respond to growing concerns and demand
for assistance. The IAEA seeks to address the security concerns for I&C systems partly through the
development of relevant guidance material. In this respect, the IAEA is currently preparing a new
IAEA Nuclear Security Series publication entitled Computer Security Controls for Instrumentation
and Control Systems at Nuclear Facilities, which discusses computer security issues that should be
addressed during the life cycle of digital I&C systems applied at nuclear facilities.
Objectives
The purpose of this meeting is to serve as an international forum for sharing best practices and
strategies used in the engineering and design of computer security measures for I&C systems at NPPs,
as well as for discussing the challenges and issues that need to be resolved in this area.
The meeting has the following primary objectives:

To provide an international forum for presentations and discussions on the subject of the
meeting;

To address the application of computer security controls to I&C systems at NPPs;

To strengthen Member States’ capabilities for improved understanding of the engineering and
design aspects of computer security;

To promote the establishment of a computer security culture;

To disseminate the experience that was captured while developing the new IAEA Nuclear
Security Series publication entitled Computer Security Controls for Instrumentation and
Control Systems at Nuclear Facilities; and

To support the IAEA in defining future activities in the field of secure system designs for I&C
systems at NPPs.
Page 3
Topics
Presentations are invited on all approaches that are related to engineering and design aspects of
computer security for I&C systems at NPPs. The following list provides examples of presentation
topics that would be appropriate for the meeting:

Computer security goals for I&C systems at NPPs: confidentiality, integrity, and availability
of data and functions

Design drivers for security

Existing standards and guidance for computer security relevant to NPPs

Baseline computer security design measures for I&C systems at NPPs

Design of features that implement both computer security controls and safety strategies

Potential impact of computer security on I&C systems and vice versa

Design considerations to address detection, response, mitigation and recovery from
cyberattacks on I&C systems and to verify system integrity both during and after a cyberattack

Human factors engineering issues, including human–system interface design

Metrics for measuring security in the design and implementation of I&C systems

Design reviews for security

Control of the development environment and processes

Tests and evaluation addressing functional and security aspects

Computer security for maintenance tools (e.g. calibrators, software updates, configuration
management)

Technology dependencies, e.g. computer- vs. field programmable gate array-based systems

Security specifications for procured I&C systems

Computer security design considerations for new-builds and plant modernization, as well as
for securing legacy systems

Best practices in the management of computer security for I&C systems, security in the I&C
lifecycle, considerations for vendor and third party supported services
Participation
Participation is solicited from representatives of NPPs and regulatory bodies, utilities, technical
support organizations, developers, vendors, research organizations and international organizations
engaged in the field of I&C system security for NPPs. To ensure maximum effectiveness in the
exchange of information, participants should be persons actively involved in the design, regulation
and/or application of computer security measures for digital I&C systems at NPPs.
Page 4
Application Procedure
Designations should be submitted using the attached Participation Form. Completed forms should be
endorsed by the competent national authority (e.g. Ministry of Foreign Affairs, Permanent Mission to
the IAEA, or National Atomic Energy Authority) and returned through the established official
channels. They must be received by the IAEA not later than 30 June 2014. Designations received after
that date or applications sent directly by individuals or by private institutions cannot be considered.
Designating Governments will be informed in due course of the names of the selected candidates and
at that time full details will be given on the procedures to be followed with regard to administrative
and logistic matters.
The meeting is, in principle, open to all officially designated persons. The IAEA, however, reserves
the right to limit participation due to limitations imposed by the available facilities. The maximum
number of participants for this meeting is 45. It is, therefore, recommended that interested persons take
the necessary steps for the official designation as early as possible.
Visas
Designated participants who require a visa to enter Germany should submit the necessary application
to the nearest diplomatic or consular representative of Germany as soon as possible.
Expenditure
The costs of the meeting are borne by the host organization; no registration fee is charged to
participants. Travel and subsistence expenses of participants will have to be borne in general by their
designating Governments/organizations. The IAEA has, however, limited funds at its disposal to help
meet the cost of attendance of certain participants. Such assistance may be offered upon specific
request to normally one participant per country provided that, in the IAEA’s view, the participant on
whose behalf assistance is requested will make an important contribution to the meeting. The
application for financial support should be made at the time of designating the participant.
The organizers of the meeting do not accept liability for the payment of any cost or compensation that
may arise from damage to or loss of personal property, or from illness, injury, disability or death of a
participant while he/she is travelling to and from or attending the meeting, and it is clearly understood
that each Government, in designating participants, undertakes responsibility for such coverage.
Governments would be well advised to take out insurance against these risks.
Presentations
Presentations should be prepared as Microsoft PowerPoint (.ppt) or Portable Document Format (.pdf)
files. Computer-based projection facilities will be provided. Authors are requested to provide the
Page 5
Scientific Secretaries with electronic copies of their presentation files in advance of their scheduled
presentation slot so that the files can be duly uploaded. Electronic versions of the presentations are
also necessary to ensure timely issuance of the proceedings to be prepared and distributed in electronic
form.
It is not mandatory for all participants to submit a presentation. However, the IAEA welcomes and
encourages contributions in this format. Time for the presentations will be limited to 25 minutes
followed by a 5-minute discussion period.
Working Language
The working language of the meeting will be English; no interpretation will be provided.
Local Arrangements
The meeting will be held at the premises of the Institute for Safety Technology (ISTec), specifically at
ISTec’s Garching Research Centre (Boltzmannstraße 14, 85748 Garching, Germany), and will start on
Wednesday, 3 September 2014, at 9.30 a.m. and end at 2.00 p.m. on Friday, 5 September 2014.
The meeting agenda, together with information on local arrangements, will be sent to designated
participants once the completed Participation Forms have been received.
The local representative of ISTec will be Mr Arndt Lindner.
Contact details:
Mr Arndt Lindner
Head of the Qualification Department
Institute for Safety Technology (ISTec)
Garching Research Centre
Boltzmannstraße 14
85748 GARCHING
GERMANY
Tel.: +49 89 32004 529
Fax: +49 89 32004 300
Mobile: +49 175 5878655
Email: Arndt.Lindner@istec-gmbh.de
Administrative assistance:
Ms Doris Seidenschwarz
Tel.: + 49 89 32004 541
Email: Doris.Seidenschwarz@istec-gmbh.de
Page 6
Accommodation
The host organization, ISTec, has made hotel room reservations at the Hotel König Ludwig II
(www.hkl.de) and the Ibis Munich Garching Hotel (http://www.accorhotels.com/gb/hotel-3679-ibismunchen-garching/index.shtml). Please use for booking at the Hotel König Ludwig II the keyword
“TENT-ISTEC 02092014 IAEA”, and for booking at the Ibis Munich Garching Hotel the keyword
“IAEA”. For additional details see the attachments. Participants are requested to book their rooms
themselves using the information given in the attachments. Ms Seidenschwarz will assist registered
participants in making hotel room reservations if needed. Additionally, participants may elect to make
their own bookings at other hotels (including the city of Munich, from where there is a subway
connection [Line U6] to Garching taking about 20 minutes).
IAEA Secretariat
The IAEA Scientific Secretaries for the meeting are Mr Janos Eiler of the Department of Nuclear
Energy and Mr Donald Dudenhoeffer of the Department of Nuclear Safety and Security. Their contact
details are:
Mr Janos Eiler
Nuclear Power Engineering Section
Department of Nuclear Energy
International Atomic Energy Agency
Vienna International Centre
PO Box 100
1400 VIENNA
AUSTRIA
Mr Donald D. Dudenhoeffer
Division of Nuclear Security
Department of Nuclear Safety and Security
International Atomic Energy Agency
Vienna International Centre
PO Box 100
1400 VIENNA
AUSTRIA
Tel.: +43 1 2600 21982
Fax: +43 1 2600 29598
Email: J.Eiler@iaea.org
Tel.: +43 1 2600 26424
Fax: +43 1 2600 29299
Email: D.Dudenhoeffer@iaea.org
Administrative assistance:
Ms Olga Arkhipova
Tel.: +43 1 2600 22804
Email: O.Arkhipova@iaea.org
Ms Camilla Semper
Tel.: +43 1 2600 26635
Email: C.Semper@iaea.org
Subsequent correspondence on scientific matters should be sent to either of the Scientific Secretaries
and correspondence on other matters related to the meeting to either of the Administrative Secretaries.