Research Article

Conducting Cybersecurity Regulatory Inspections at Nuclear Facilities

by Samo Tomažič, Trent Nelson, Tadej Šeruga
International Journal of Computer Applications
Foundation of Computer Science (FCS), NY, USA
Volume 186 - Number 12
Year of Publication: 2024
10.5120/ijca2024923510

Samo Tomažič, Trent Nelson, Tadej Šeruga. Conducting Cybersecurity Regulatory Inspections at Nuclear Facilities. International Journal of Computer Applications. 186, 12 (Mar 2024), 17-24. DOI=10.5120/ijca2024923510

@article{ 10.5120/ijca2024923510,
author = { Samo Tomažič, Trent Nelson, Tadej Šeruga },
title = { Conducting Cybersecurity Regulatory Inspections at Nuclear Facilities },
journal = { International Journal of Computer Applications },
issue_date = { Mar 2024 },
volume = { 186 },
number = { 12 },
month = { Mar },
year = { 2024 },
issn = { 0975-8887 },
pages = { 17-24 },
numpages = {9},
url = { https://ijcaonline.org/archives/volume186/number12/conducting-cybersecurity-regulatory-inspections-at-nuclear-facilities/ },
doi = { 10.5120/ijca2024923510 },
publisher = {Foundation of Computer Science (FCS), NY, USA},
address = {New York, USA}
}
%0 Journal Article
%1 2024-03-27T00:44:31.508377+05:30
%A Samo Tomažič
%A Trent Nelson
%A Tadej Šeruga
%T Conducting Cybersecurity Regulatory Inspections at Nuclear Facilities
%J International Journal of Computer Applications
%@ 0975-8887
%V 186
%N 12
%P 17-24
%D 2024
%I Foundation of Computer Science (FCS), NY, USA
Abstract

This research paper examines how to conduct cybersecurity inspections at nuclear facilities, addressing the escalating need for a high level of protection in an era of digitalization of safety, security and emergency preparedness systems at these facilities and of increasing internal and external cyber threats. Nuclear facilities are prime targets because of the potentially catastrophic consequences if their functions were compromised. Drawing on national legislation, industry standards, best practices, and a test inspection, this paper outlines a structured cybersecurity inspection methodology tailored to nuclear facilities. The methodology comprises an inspection guide that includes three inspection techniques (document review, interviews, and direct observations); seven key cybersecurity regulation elements (cybersecurity program; identification of functions, systems and critical digital assets; risk management; protection of a system function; change management; supply chain; incident response) and their control objectives; and applicable international guides to be used to conduct the inspection. In conclusion, the paper underscores that effective cybersecurity inspections in nuclear facilities are paramount to national and global security.

Index Terms

Computer Science
Information Sciences

Keywords

Nuclear sector, Nuclear facilities, Cybersecurity, Inspections, Regulations