Companies involved in the nuclear energy domain, like component and platform manufacturers, system integrators, and utilities, have well-established yearly trainings on Nuclear Safety Culture. These trainings are typically covered as part of the annual quality assurance-related refresher trainings, introductory courses for new employees, or indoctrinations of temporary staff. Gradually, security awareness trainings are also addressed on a regular basis, typically with a focus on information technology, the daily office work, test bay, or construction site work environment, and some data protection and privacy-related topics. Due to emerging national nuclear regulation, steadily but surely, specialized cybersecurity trainings are foreseen for integrators and utilities. Beyond these safety, physical security and cybersecurity specific trainings, there is a need to address the joint part of these disciplines, starting from the planning phase of a new nuclear power plant (NPP). The engineers working on safety, physical protection, and cybersecurity must be aware of these interrelations to jointly elaborate a robust instrumentation and control architecture (defense-in-depth, design basis events, functional categorization and systems classification) and a resilient security architecture (security by design, security grading, zone model or infrastructure domain, security conduits, forensic readiness, security information, and event management). This paper provides more in-depth justification of when and where additional training is needed, due to the ubiquitous deployment of digital technology in new NPPs. Additionally, for existing NPPs, the benefits of conveying knowledge by training on specific interfaces between the involved disciplines will be discussed. Furthermore, the paper will address the need of focused training of management stakeholders, as eventually, they must agree on the residual risk. The decision-makers are in charge of facilitating the interdisciplinary cooperation in parallel to the allocation of resources, e.g., on security certifications of products, extended modeling-based safety and security analyses and security testing coverage.

References

1.
IAEA
,
2010
, “
Nuclear Security Series No. 12: Educational Programme in Nuclear Security
,” International Atomic Energy Agency, Vienna, Austria, Report No. IAEA NSS 10.
2.
IAEA
,
2011
, “
Nuclear Security Series No. 13: Nuclear Security Recommendations on Physical
,” International Atomic Energy Agency, Vienna, Austria, Report No. IAEA NSS 13.
3.
IEC
,
2016
, “
Nuclear Power Plants—Instrumentation and Control Systems—Requirements for Coordinating Safety and Cybersecurity
,” International Electrotechnical Commission, Geneva, Switzerland, No. IEC 62859.
4.
Waedt
,
K.
, and
Ding
,
Y.
,
2015
, “
Safety and Cybersecurity Aspects in the Safety I&C Design for Nuclear Power Plants
,”
Third China (International) Conference on Nuclear Power I&C Technology (CCNPIC)
, Shanghai, China, Apr. 8–10, p. 12.
5.
Ding
,
Y.
,
2001
, “
Automation of an Entire Nuclear Power Plant, Taking Tianwan, China, as an Example
,”
WANO-Workshop Computer Based I&C-Systems Necessity for Continuous Improvement
.
6.
Xu
,
X.
,
Li
,
Y.
, and
Ding
,
Y.
,
2010
, “
Design Optimization and Operational Experiences of Digital Safety I&C in Tianwan NPP/China
,”
Symposium Digital Safety I&C,
Sept. 14–18.
7.
Graf
,
A.
,
2013
, “
From Safety Objectives to the I&C Design
,”
IAEA Workshop on Obsolescence Issues and Digital I&C Modernization Approaches in Buenos Aires
, Atucha, Argentina, Mar. 4.
8.
Ding
,
Y.
,
2014
,
Schutzzielorientiertes Design der Sicherheitsleittechnik
, Atp ed., Vol.
56
,
Vulkan Verlag
, Essen, Germany, pp.
54
61
.
9.
Waedt
,
K.
,
2012
, “
Establishing Cyber Security Programs for I&C Systems at Nuclear Facilities
,”
43rd Annual Meeting on Nuclear Technology
, Stuttgart, Germany, May 22–24, p. 6.
10.
Waedt
,
K.
,
Lillo
,
E.
, and
Zavarsky
,
P.
,
2015
, “
Identification of the Critical Components of an ICS and Options to Protect Them
,”
World Institute for Nuclear Security (WINS) Workshop on Effective Integration of Physical Protection and Cyber Security
, Vienna, Austria, Feb. 17–19.
11.
ISO/IEC
,
2011
, “
Information Technology—Security Techniques—Information Security Risk Management
,” International Organization for Standardization, Geneva, Switzerland, No. ISO/IEC 27005.
12.
IEC
,
2013
, “
Industrial Communication Networks—Network and System Security—Part 3-3: System Security Requirements and Security Levels
,” International Electrotechnical Commission, Geneva, Switzerland, No. IEC 62443-3-3.
13.
Waedt
,
K.
,
Kuskov
,
A.
, and
Zavarsky
,
P.
,
2014
, “
Domain Based Security (DBSy) Applied to a Safety I&C Example
,”
IAEA Technical Meeting on Engineering and Design Aspects of Computer Security for I&C Systems at NPPs
, Garching, Germany, Sept. 3–5.
14.
IAEA
,
2008
, “
Nuclear Security Series No. 8: Implementation Guidance, Preventive and Protective Measures Against Insider Threats
,” International Atomic Energy Agency, Vienna, Austria, Report No. IAEA NSS 8.
15.
IAEA
,
2011
, “
Nuclear Security Series No. 10: Implementation Guidance, Development and Use of Design Basis Threats
,” International Atomic Energy Agency, Vienna, Austria, Report No. IAEA NSS 10.
16.
IAEA
,
2008
, “
Nuclear Security Series No. 7, Implementation Guidance, Nuclear Security Culture
,” International Atomic Energy Agency, Vienna, Austria, Report No. IAEA NSS 7.
17.
Bajramovic
,
E.
, and
Gupta
,
D.
,
2016
, “
Providing Security Assurance in Line With National DBT Assumptions
,”
First Annual Women in Nuclear (WiN)
, Shah Alam, Malaysia, Aug. 8–10, Paper No. 050005.
18.
IEC
,
2014
, “
Nuclear Power Plants—I&C Systems—Requirements for Security Programmes for Computer-Based Systems
,” International Electrotechnical Commission, Geneva, Switzerland, Report No. IEC 62645.
19.
Bajramovic
,
E.
,
Waedt
,
K.
,
Ciriello
,
A.
, and
Gupta
,
D.
,
2016
, “
Project- and Plant-Specific Cybersecurity Awareness Training
,”
42nd Annual Meeting of the SNE
, Santander, Spain, Sept. 28–30, p.
8
.
20.
IAEA
,
2010
, “
A Report by International Nuclear Safety Group, the Interface Between Safety and Security at Nuclear Power Plants
,” International Atomic Energy Agency, Vienna, Austria, Report No. IAEA INSAG 24.
21.
Gupta
,
D.
, and
Bajramovic
,
E.
,
2016
, “
Security Culture for Nuclear Facilities
,”
First Annual Women in Nuclear (WiN)
, Shah Alam, Malaysia, Aug. 8–10, Paper No. 050014.
You do not currently have access to this content.