Scribd
Upload
112 views10 pages

3.4 Purvis Progress On Roadmap Computer Security

The document summarizes an IAEA briefing on nuclear security guidance committee publications related to information and computer security. It outlines several Nuclear Security Series publications that provide principles, recommendations, implementation guides, and technical details. It provides updates on upcoming publications including NST045 on computer security for nuclear security and NST047 on computer security techniques for nuclear facilities. Non-serial publications under development are also summarized related to topics like reducing cyber risks in the nuclear supply chain and conducting computer security exercises.

Uploaded by

Ariadnne Vargas Rivadeneira
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
112 views10 pages

3.4 Purvis Progress On Roadmap Computer Security

The document summarizes an IAEA briefing on nuclear security guidance committee publications related to information and computer security. It outlines several Nuclear Security Series publications that provide principles, recommendations, implementation guides, and technical details. It provides updates on upcoming publications including NST045 on computer security for nuclear security and NST047 on computer security techniques for nuclear facilities. Non-serial publications under development are also summarized related to topics like reducing cyber risks in the nuclear supply chain and conducting computer security exercises.

Uploaded by

Ariadnne Vargas Rivadeneira
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 10

Information and Computer Security

Publications Briefing

Nuclear Security Guidance Committee (NSGC)

16th Meeting, November 2019

Presenter:
Scott Purvis, Section Head
Information Management
Division of Nuclear Security
IAEA Nuclear Security Series Publications
Primary information and computer security publications references

Fundamentals (PRINCIPLES) – NSS20


• Objectives and principles
• Basis for Nuclear Security Recommendations
• Essentials from international instruments

Recommendations (WHAT) – NSS 13, 14, 15


• General approaches, actions, concepts and strategies
• Applications of Fundamentals
• Suggested Recommendations Level Computer Security Guidance – NST045 Annex

Implementing Guides (HOW) –


• NSS 23-G – Security of Nuclear Information
• NST045 - Computer Security for Nuclear Security

Technical Guides (DETAILS) –


• NST047 - Computer Security Techniques for Nuclear Facilities
• NSS17 – Computer Security for Nuclear Facilities (2011)
• NSS 33T - Computer Security for I&C Systems at Nuclear Facilities

Non-serial publications: • Computer Security Incident Response Planning – TDL-005


2
• Conducting Computer Security Assessments – TDL-006
Information and Computer Security for Nuclear Security
November 2019
IAEA Publications: Nuclear Security Series Documents & Others
NSS 20 Objective and essential of a State’s nuclear security regime
NSS Recommendations

NSS 13 NSS 14 NSS 15


Nuclear Material and Nuclear Radioactive Material and Nuclear and other Radioactive
Facilities Associated Facilities MORC
NSS Computer Security Implementing Guides

NSS 23-G - Security of Nuclear Information


NST045 (2020) - Computer Security for Nuclear Security

NSS Computer Security Technical Guides

NSS 17 - Computer Security Nuclear


Facilities (2011) Application in Graded Approach

NST047 - Computer Security


Application in Graded Approach
Techniques for Nuclear Facilities

NSS 33-T- Computer Security for I&C


Systems at Nuclear Facilities (2018) Application in Graded Approach

Documents Outside Nuclear Security Series

Conducting Computer Security Assessments (IAEA-TDL-006)

Incident Response Planning for Computer Security Events (IAEA-TDL-005)

Radioactive Material and Facilities Computer Security Considerations for


Detection and Response to nuclear
Computer Security Considerations for Physical Protection Systems security events (NSS15)

Conducting Computer Security Exercises for Nuclear Security


Reducing Cyber Risks in the Nuclear Industry Supply Chain

Development and Implementation of Computer Security Regulations for Nuclear Security Regimes
Computer Security for Nuclear
Security – NST045
Implementing Guide

NST045 progress update:


• Approved for Publication by the NSGC (July)
• Submitted to Publications process (25 July)
• Cleared the Plagiarism screening 14-10-2019
• To receive comments from Nov PC Mtg
• To be resubmitted ASAP
• Next step is editor assignment
Computer Security Techniques
for Nuclear Facilities– NST047

Technical Guide
NST047 progress update:
• Approved for Publication by the NSGC
• Formally Submitting to publications process
Computer Security for Radioactive
Sources and other Radioactive Material
Non-serial Publication
Purpose: Provide practical examples and detailed methods that can be used in
support of the Nuclear Security Series publications for preventing, protecting, and
mitigating the consequences of cyber attack against computer based systems
associated with the use, safety, and physical protection of radioactive sources that
are used in agriculture, industry, construction, medicine, mining, research, and
transportation.
Progress update:
• Developed working material in two Consultancy Meetings (CM)
• March 2019 - Scoping, develop outline, draft the DPP
• June 2019 - Completed the document structure and identified the key sections of the
document and working text was proposed
• Development Plans
• CM 3 – November 18-22
• Submit for publication in 2020
Reducing Cyber Risks in the Nuclear
Industry Supply Chain
Non-serial Publication
Purpose: Provide practical examples and detailed methods that can be used in
support of the Nuclear Security Series publications for reducing cyber risks in the
supply chain of nuclear security regimes. The publication will present suggested
approaches, procedures, and advice for evaluating existing programs, supply chain
arrangements and identifying appropriate risk reduction measures.

Progress update:
• Technical Meeting (TM) information exchange - June 2018
• Developed working material and initial drafts in two Consultancy
Meetings (CM)
• NSNS currently completing final draft
• Final CM TBD
• Submit for publication 1st half 2020
Conducting Computer Security Exercises
for Nuclear Security

Non-serial Publication
Purpose: Provide practical examples and detailed methods that can be
used in support of the Nuclear Security Series publications for preparing,
conducting, and evaluating computer security exercises to test
preparedness for protecting nuclear facilities against cyber-attack.

Progress update:
• Technical Meeting (TM) - information exchange – September 2018
• Developed working material in two Consultancy Meetings (CM)
• CM for additional working material – 16-20 November 2019
• Submit for publication 2020
Future Information and Computer Security
Publications
Non-serial Publications

• Computer Security Considerations for Detection and Response


Architectures (NSS15)

• Computer Security Considerations for Physical Protection Systems

• Development and Implementation of Computer Security Regulations


for Nuclear Security Regimes
Questions?

10

You might also like