supporting physical protection systems
play

supporting physical protection systems in nuclear facilities IAEA - PowerPoint PPT Presentation

Jan 17, 2023 •336 likes •605 views

Considerations for deploying a security information and event management system supporting physical protection systems in nuclear facilities IAEA CN-254 Authors Mitchell HEWES Australian Nuclear Science and Technology Organisation Lucas

  1. Considerations for deploying a security information and event management system supporting physical protection systems in nuclear facilities IAEA CN-254

  2. Authors • Mitchell HEWES Australian Nuclear Science and Technology Organisation Lucas Heights, Australia Email: mitchell@ansto.gov.au • Alan COWIE Australian Nuclear Science and Technology Organisation Lucas Heights, Australia Email: ajc@ansto.gov.au

  3. Outline • Physical Protection Systems within a Facility • Components of an ECS • Where does a CSS fit in? • Sensitive Information • Information Security Assurance • CSS monitoring a PPS • Conclusion

  4. Terminology • PPS – Physical Protection System • ECS – Electronic Control System • CSS – Computer Security System

  5. Physical Protection Systems within a Facility

  6. Typical physical protection systems • Physical barriers necessitate access points e.g. doors, gates, lifts • Mechanical locks & keys • Photo identification cards & documentation • Guard personnel • Access protocols & procedures • Access log books & visitor lists

  7. Physical Barrier & Access Point

  8. Guard Personnel

  9. Components of an ECS

  10. Electronic card/token & reader

  11. Access Controlled Door

  12. Centralized Access Control

  13. Computer-based components of an example networked security system.

  14. Biometric Identification & Data

  15. Purpose & Benefits of ECS • Greater efficiency – augment physical • Managing keys • Robust record of actions undertaken • Negate need for a guard at each door • Monitoring and recording of the state of electro mechanical components • Programmatic automation of Physical Processes e.g. Enforcement of a “no alone” zone

  16. Where does a CSS fit in? • In our example the Computer Security System forms an overwatch function for the ECS • It would sit within a different security zone and take in inputs from multiple facility functions to be able to provide correlation for monitoring and response on attacks spanning multiple systems. • How can we enable this while protecting the function of the ECS?

  17. Sensitive Information

  18. Sensitive Information Automated State Change • Items used in granting automated access – Card ID – PIN Number – Biometric Templates • State information of electromechanical assets • CCTV Camera video feeds • Computer configuration • New EACS parameters supplied to make system changes Contextual State Change

  19. Computer Security Measures for PPS • Host integrity checking • Sub zone network segregation • Netflow - record capture and parsing • Port monitoring • Port security • Wifi rogue monitoring/suppression Contextual State Change

  20. Data Flow Model Between PPS and CSS • Sensitive information that could affect an automated state change within a facility function should not leave it’s source security zone while it is still functionally significant. • Sensitive information that could affect an automated state change within a facility function must not be generated by a system at a lower security level.

  21. Information Security Assurance

  22. Goals • Ensure the confidentiality, integrity, and availability of the automated operation of the PPS and the accuracy of information supplied to an operator to make contextual changes • Monitor the operation of the computer-based hardware components and software for indicators of compromise. • Provide independent computer security measures to ensure a defence in depth against a single computer security vulnerability. • Enable the response, remediation, and restoration of verifiable normal operation. Transitive from PPS: Deter, Detect, Delay, Respond

  23. CSS Monitoring a PPS • Monitor the computer-based components of the physical protection system and the computer security measures protecting them. • Monitor the effectiveness of zone-decoupling measures for computer security zones interacting with the PPS. • Decouple from the PPS itself - limit the information flow to prevent information important to automated operation of the PPS from being captured by the CSS. E.g. through a data diode. • Provide the potential to correlate with the monitoring of other computer security zones to monitor the overall facility computer security defence in depth posture.

  24. Conclusion

  25. Conclusion 1. A nuclear facility PPS augmented with an ECS increases defence in depth from physical attack. 2. An ECS transfers some risk from a physical compromise to an computer-based compromise, thus the need to incorporate computer security measures to maintain defence in depth. 3. A CSS monitors computer security measures. Just as the ECS monitors the physical security measures. 4. A well thought out and implemented CSS, which preserves the confidentiality of sensitive information critical to PPS automation, is required to provide continued assurances of defence in depth.

Recommend

Systematic aspects of high effective physical protection systems design for Russian nuclear

Systematic aspects of high effective physical protection systems design for Russian nuclear

International Conference Physical Protection of Nuclear Material and Nuclear Facilities (IAEA, Vienna, Austria, 13-17 November 2017 ) Systematic aspects of high effective physical protection systems design for Russian nuclear sites

554 views • 29 slides
Verifying Operational Effectiveness For Physical www.sandia.gov Protection Systems Charlie

Verifying Operational Effectiveness For Physical www.sandia.gov Protection Systems Charlie

Verifying Operational Effectiveness For Physical www.sandia.gov Protection Systems Charlie Nickerson Nuclear Cyber Programs Idaho National Laboratory Janice Leach Physical Security Analysis Sandia National Laboratories November 2017

300 views • 10 slides
Potential Weaknesses in the Cyber Systems of High-Security Physical Protection Systems John F.

Potential Weaknesses in the Cyber Systems of High-Security Physical Protection Systems John F.

Photos placed in horizontal position with even amount of white space between photos and header Potential Weaknesses in the Cyber Systems of High-Security Physical Protection Systems John F. Clem IAEA-CN-254-298 Sandia National Laboratories is

503 views • 17 slides
Physical Protection Measures for NM and NF Hosik YOO Korea Institute of Nuclear

Physical Protection Measures for NM and NF Hosik YOO Korea Institute of Nuclear

ROKs Efforts to Strengthen Physical Protection Measures for NM and NF Hosik YOO Korea Institute of Nuclear non-proliferation and Control Legal Framework APPRE (Act on Physical Protection & Radiological Emergency) Act for physical

684 views • 13 slides
Testing - A Systems Approach IAEA International Conference on Physical Protection of Nuclear

Testing - A Systems Approach IAEA International Conference on Physical Protection of Nuclear

Safeguards and Security Limited-Notice Performance Testing - A Systems Approach IAEA International Conference on Physical Protection of Nuclear Material and Nuclear Facilities 13-17 November 2017 Thomas Clay Messer Roxanne VanVeghten

691 views • 21 slides
Sanctions as a Legal Deterrence Mean in the National Physical Protection Regime (CN-254-76)

Sanctions as a Legal Deterrence Mean in the National Physical Protection Regime (CN-254-76)

International Conference on Physical Protection of Nuclear Material and Nuclear Facilities 13 17 November 2017 Sanctions as a Legal Deterrence Mean in the National Physical Protection Regime (CN-254-76) Session: Physical Protection Regime

321 views • 17 slides
Best Practices on Methodologies & Techniques to Assess the Effectiveness of Physical

Best Practices on Methodologies & Techniques to Assess the Effectiveness of Physical

Best Practices on Methodologies & Techniques to Assess the Effectiveness of Physical Protection Measures & Systems Meghann Parrilla Vulnerability Assessment Analyst v Amanda Friend Physical Security Systems Performance Testing

230 views • 11 slides
Physical Protection Systems Education at PIEAS: Current Status, lessons Learned, and , ,

Physical Protection Systems Education at PIEAS: Current Status, lessons Learned, and , ,

Physical Protection Systems Education at PIEAS: Current Status, lessons Learned, and , , Future Prospects By Dr. Tariq Majeed Dr. Inam ul Haq Pakistan institute of Engineering and Applied Sciences (PIEAS) Presented Presented at

571 views • 28 slides
METHODOLOGY FOR NUCLEAR FACILITY & PHYSICAL PROTECTION SYSTEMS Nelson K. Agbemava ICT and

METHODOLOGY FOR NUCLEAR FACILITY & PHYSICAL PROTECTION SYSTEMS Nelson K. Agbemava ICT and

NUCLEAR REGULATORY AUTHORITY, GHANA COMPUTER SECURITY DESIGN METHODOLOGY FOR NUCLEAR FACILITY & PHYSICAL PROTECTION SYSTEMS Nelson K. Agbemava ICT and Computer Security Section Head Instrumentation & ICT Department Radiological &

180 views • 14 slides
Complementarity between Nuclear Security and Physical Protection System Pr, ABDELOUAHED CHETAINE

Complementarity between Nuclear Security and Physical Protection System Pr, ABDELOUAHED CHETAINE

International Conference on Physical Protection of Nuclear Material and Nuclear Facilities IAEA Headquarters, Vienna, Austria 13 17 November 2017 Complementarity between Nuclear Security and Physical Protection System Pr, ABDELOUAHED

506 views • 31 slides
Benchmarking Security Standards and Knowledge Innovations of Physical Protection of Nuclear

Benchmarking Security Standards and Knowledge Innovations of Physical Protection of Nuclear

International Conference on Physical Protection of Nuclear Material and Nuclear Facilities, IAEA Headquarters Vienna, Austria, 13 17 November, 2017 Benchmarking Security Standards and Knowledge Innovations of Physical Protection of

420 views • 21 slides
International Conference On Physical Protection of Nuclear Material and Nuclear Facilities

International Conference On Physical Protection of Nuclear Material and Nuclear Facilities

International Conference On Physical Protection of Nuclear Material and Nuclear Facilities November 2017 IAEA-CN-254-268 Legal element for Physical protection Legal element for Physical protection regime Sudanese as case study regime Sudanese

847 views • 19 slides
Physical Protection of Byproduct Material: Proposed Rule 10 CFR Part 37 October 20, 2010

Physical Protection of Byproduct Material: Proposed Rule 10 CFR Part 37 October 20, 2010

Physical Protection of Byproduct Material: Proposed Rule 10 CFR Part 37 October 20, 2010 Debbie Bray Gilley Advisory Committee on the Medical Uses of Isotopes (ACMUI) Concerns w ith the Physical Protection Proposed Rules Impact on

374 views • 10 slides
STRENGTHENING REGULATORY REQUERMENTS FOR PHYSICAL PROTECTION IN INDONESIA BASED ON INFCIRC 225

STRENGTHENING REGULATORY REQUERMENTS FOR PHYSICAL PROTECTION IN INDONESIA BASED ON INFCIRC 225

STRENGTHENING REGULATORY REQUERMENTS FOR PHYSICAL PROTECTION IN INDONESIA BASED ON INFCIRC 225 REV.5 Presented by : Suharyanta BAPETEN International Conference on Physical Protection of Nuclear Material and Nuclear Facilities , Vienna, 13-17

579 views • 16 slides
EDUCATION AND TRAINING Dmytro Cherkashyn International Conference on Physical Protection of

EDUCATION AND TRAINING Dmytro Cherkashyn International Conference on Physical Protection of

PERSPECTIVES FOR THE USE OF 3D INTERACTIVE ENVIRONMENT IN PHYSICAL PROTECTION EDUCATION AND TRAINING Dmytro Cherkashyn International Conference on Physical Protection of Nuclear Material and Nuclear Facilities November 16, 2017 Technische

426 views • 13 slides
Cyber-Physical Systems 07/24/2019 Heechul Yun University of Kansas 1 Modern Cyber-Physical

Cyber-Physical Systems 07/24/2019 Heechul Yun University of Kansas 1 Modern Cyber-Physical

Micro-Architectural Attacks on Cyber-Physical Systems 07/24/2019 Heechul Yun University of Kansas 1 Modern Cyber-Physical Systems Cyber Physical Systems (CPS) Cyber (Computer) + Physical (Plant) Real-time Control physical

310 views • 29 slides
Supporting the Development of FINTECH: Approaches and Challenges for Consumer Protection CVM -

Supporting the Development of FINTECH: Approaches and Challenges for Consumer Protection CVM -

Supporting the Development of FINTECH: Approaches and Challenges for Consumer Protection CVM - BRAZIL Jos Alexandre C. Vasco Investor Protection and Assistance Office Securities and Exchange Commission of Brazil FINTECH HUB TIMELINE REPORT

504 views • 23 slides
Important Examples of Cyber-Physical Systems Cyber-Physical Systems under Attack Models,

Important Examples of Cyber-Physical Systems Cyber-Physical Systems under Attack Models,

Important Examples of Cyber-Physical Systems Cyber-Physical Systems under Attack Models, Fundamental Limitations, and Monitor Design Fabio Pasqualetti Florian D orfler Francesco Bullo Center for Control, Dynamical systems and Computation

994 views • 11 slides
From Theory to Physical Systems: Putting It Together Automotive Cyber-Physical Systems How do

From Theory to Physical Systems: Putting It Together Automotive Cyber-Physical Systems How do

From Theory to Physical Systems: Putting It Together Automotive Cyber-Physical Systems How do we go from talking about C- spaces, DOF, and control theory to designing a real-life autonomous car? Team MITs Approach to the DARPA Urban

760 views • 27 slides
Verified Cyber-Physical Systems [FM11] 2 Verified Cyber-Physical Systems x l x j

Verified Cyber-Physical Systems [FM11] 2 Verified Cyber-Physical Systems x l x j

Differential Refinement Logic Sarah M. Loos and Andr Platzer Computer Science Department Carnegie Mellon University 1 Verified Cyber-Physical Systems [FM11] 2 Verified Cyber-Physical Systems x l x j p x k x i

1.97k views • 179 slides
Convention on Physical Protection of Nuclear Material and its Amendment in Senegal International

Convention on Physical Protection of Nuclear Material and its Amendment in Senegal International

Preparation for the implementation of the Convention on Physical Protection of Nuclear Material and its Amendment in Senegal International Conference on Physical Protection of Nuclear Material and Nuclear Facilities IAEA Headquarters

626 views • 25 slides
{Summary} Structure, Staffing the Physical and Security of the Protection of the Proposed

{Summary} Structure, Staffing the Physical and Security of the Protection of the Proposed

CONSIDERATIONS FOR THE DESIGN AND IMPLEMENTATION OF PHYSICAL PROTECTION FOR A PROPOSED MULTI-PURPOSE RESEARCH REACTOR COMPLEX (MPRRC) The Need for the Introduction Proposed MPRRC Ofodile O.N. and Agedah E.C. Nigeria Atomic Energy Commission,

506 views • 24 slides
AN INTEGRATED APPROACH FOR DESIGN AND IMPLEMENTATION OF PHYSICAL PROTECTION SYSTEM ELEMENTS FOR

AN INTEGRATED APPROACH FOR DESIGN AND IMPLEMENTATION OF PHYSICAL PROTECTION SYSTEM ELEMENTS FOR

International Conference on Physical Protection of Nuclear Material and Nuclear Facilities 13 17 November, 2017, Vienna AN INTEGRATED APPROACH FOR DESIGN AND IMPLEMENTATION OF PHYSICAL PROTECTION SYSTEM ELEMENTS FOR NUCLEAR FACILITIES

279 views • 23 slides
Republic of Azerbaijan Ramin Pashayev The State Agency on Nuclear and Radiological Activity

Republic of Azerbaijan Ramin Pashayev The State Agency on Nuclear and Radiological Activity

International Conference on Physical Protection of Nuclear Material and Nuclear Facilities Vienna, Austria | 13 17 November 2017 Regulatory oversight and control of the physical protection of nuclear materials and nuclear facilities and

416 views • 28 slides

More recommend