A Framework for Measuring Human and System Performance of Safe and Secure Incident Response Strategies for Nuclear Facilities
Many of the industrial control systems that support the operation of nuclear facilities are being implemented using off-the-shelf components that use open and standard communication protocols. Consequently, they are suspectible to cyber-attacks, including Advanced Persistent Threats (APTs). In this setting, classical defensive security measures are insufficient, and new reactive security technologies are required that enable situational awareness and effective remedial strategies to be executed. These technologies need to operated in a manner that integrates with existing safety systems and processes. Whilst there have been many technology developments in this context, e.g., for anomaly detection and incident information sharing systems, there has been relatively little investigation regarding how organisational processes and the incident-response teams that use them perform. This is especially the case in settings where both safety and security aspects are important, such as for nuclear facilities. In the SIREN project, we will develop a novel metrics framework that can be used to analyse the relationship between human performance, in the context of organisational policies and reactive security technologies, and overall system resilience. To support the development of this framework, we will develop a unique testbed facility that will be instrumented to measure both technical and human factors in the context of cybersecurity incidents. Furthermore, we will evaluate the framework using an information sharing platform, called CÆSAIR, providing insights into how these tools and accompanying processes can be utilised for nuclear facilities. Correspondingly, the project will directly address Activities 1 and 3 in the J02008 call for proposals.
- Partner: AIT Austrian Institute of Technology (Prime Contractor), Framatome GmbH (Subcontractor)
- Project duration: 11/2016-01/2021
- Funding: International Atomic Energy Agency, J02008 – 2016, Enhancing Computer Security Incident Analysis at Nuclear Facilities