IAEA International Training Course on Conducting Computer Security Assessments at Nuclear Facilities

15.09.2021 Within the period of September 6-10, 2021 the IAEA International Training Course on Conducting Computer Security Assessments at Nuclear Facilities was conducted in a semi-digital format: the representatives of the Russian Team took part in the event in situ of the Rosatom Technical Academy in Obninsk, while the IAEA coaches and foreign specialists communicated through the video conference.

Computer security becomes more widely recognized as a key component of nuclear security. It is anticipated that in progress with technologies development the use of computers and computer systems will grow in all aspects of nuclear facilities operation, including safety and security systems. The process of a faithful overall assessment can help in increasing the efficiency of a nuclear facility computer security program.

Computer security is a specific aspect of a cybersecurity, referring to computer systems, networks and digital systems (IAEA Nuclear Security Series, No. 17 "Computer Security at Nuclear Facilities").

Involved in practical exercises the participants of the Course estimated the computer security of an optional nuclear facility and suggested response measures to eliminate the detected shortcomings. The methodology of computer security assessments at nuclear facilities, described in the IAEA document TDL-006 “Conducting Computer Security Assessments at Nuclear Facilities”, was taken as the basis for the practical exercises. According to the results of successful implementation of all exercises of the Course and defence of the final report in the presence of the IAEA experts, the participants were awarded by the Certificates on successful training under the Course program.

The methodology applied in the Training Course can be used for both external assessments and internal self-assessments. Moreover, the assessment can be used to reveal good practices the concerned parties to be informed about for taking measures to increase the efficiency of computer security systems. Regular conduct of such assessments together with prompt taking of corrective measures are significant for the cybersecurity.