Research Article

Systematic Approach to Awareness Training at Slovenian Nuclear Safety Administration

by Samo Tomažič, Matej Mertik, Tadej Šeruga
International Journal of Computer Applications
Foundation of Computer Science (FCS), NY, USA
Volume 185 - Number 3
Year of Publication: 2023
Authors: Samo Tomažič, Matej Mertik, Tadej Šeruga
DOI: 10.5120/ijca2023922686

Samo Tomažič, Matej Mertik, Tadej Šeruga. Systematic Approach to Awareness Training at Slovenian Nuclear Safety Administration. International Journal of Computer Applications. 185, 3 (Apr 2023), 30-36. DOI=10.5120/ijca2023922686

@article{ 10.5120/ijca2023922686,
author = { Samo Tomažič, Matej Mertik, Tadej Šeruga },
title = { Systematic Approach to Awareness Training at Slovenian Nuclear Safety Administration },
journal = { International Journal of Computer Applications },
issue_date = { Apr 2023 },
volume = { 185 },
number = { 3 },
month = { Apr },
year = { 2023 },
issn = { 0975-8887 },
pages = { 30-36 },
numpages = {9},
url = { https://ijcaonline.org/archives/volume185/number3/32686-2023922686/ },
doi = { 10.5120/ijca2023922686 },
publisher = {Foundation of Computer Science (FCS), NY, USA},
address = {New York, USA}
}
%0 Journal Article
%1 2024-02-07T01:25:11.291132+05:30
%A Samo Tomažič
%A Matej Mertik
%A Tadej Šeruga
%T Systematic Approach to Awareness Training at Slovenian Nuclear Safety Administration
%J International Journal of Computer Applications
%@ 0975-8887
%V 185
%N 3
%P 30-36
%D 2023
%I Foundation of Computer Science (FCS), NY, USA
Abstract

Social engineering techniques are a type of cyber-attack that exploits human nature and behavior. One such technique is phishing. Phishing attacks include spear phishing, whaling, smishing and vishing, and they are on the rise. Malicious actors target the general population, business environments and critical infrastructure. The nuclear sector is part of state critical infrastructure and must be protected according to national regulations and international standards or guidelines. Nuclear facility operators, regulators, suppliers, and technical support organizations in Slovenia are ensuring that cyber security is at the highest possible level. One way they do this is by making sure that people, who are the weakest link, are aware of the potential consequences of a successful compromise. In the research study presented in this paper, a descriptive method was applied to review publicly available legislation and regulations, international standards, guides, and best practices. Based on the analysis, a training program and phishing tests were developed. After the trainings were completed and the phishing test was conducted, the data was collected, and development of the Systematic Approach to Awareness Training (SAAT) by the Slovenian nuclear safety regulator, the Slovenian Nuclear Safety Administration (SNSA), has begun. This paper presents the results of the research in the form of five essential elements of the SAAT (Figure 1): awareness policy, preparation, implementation, lessons learned and a feedback loop.

Fig 1: Systematic Approach to Awareness Training at SNSA
Index Terms

Computer Science
Information Sciences

Keywords

Nuclear Cyber Security Awareness Social Engineering Phishing