supporting physical protection systems
play

supporting physical protection systems in nuclear facilities IAEA - PowerPoint PPT Presentation

Jan 17, 2023 •336 likes •605 views

Considerations for deploying a security information and event management system supporting physical protection systems in nuclear facilities IAEA CN-254 Authors Mitchell HEWES Australian Nuclear Science and Technology Organisation Lucas

  1. Considerations for deploying a security information and event management system supporting physical protection systems in nuclear facilities IAEA CN-254

  2. Authors • Mitchell HEWES Australian Nuclear Science and Technology Organisation Lucas Heights, Australia Email: mitchell@ansto.gov.au • Alan COWIE Australian Nuclear Science and Technology Organisation Lucas Heights, Australia Email: ajc@ansto.gov.au

  3. Outline • Physical Protection Systems within a Facility • Components of an ECS • Where does a CSS fit in? • Sensitive Information • Information Security Assurance • CSS monitoring a PPS • Conclusion

  4. Terminology • PPS – Physical Protection System • ECS – Electronic Control System • CSS – Computer Security System

  5. Physical Protection Systems within a Facility

  6. Typical physical protection systems • Physical barriers necessitate access points e.g. doors, gates, lifts • Mechanical locks & keys • Photo identification cards & documentation • Guard personnel • Access protocols & procedures • Access log books & visitor lists

  7. Physical Barrier & Access Point

  8. Guard Personnel

  9. Components of an ECS

  10. Electronic card/token & reader

  11. Access Controlled Door

  12. Centralized Access Control

  13. Computer-based components of an example networked security system.

  14. Biometric Identification & Data

  15. Purpose & Benefits of ECS • Greater efficiency – augment physical • Managing keys • Robust record of actions undertaken • Negate need for a guard at each door • Monitoring and recording of the state of electro mechanical components • Programmatic automation of Physical Processes e.g. Enforcement of a “no alone” zone

  16. Where does a CSS fit in? • In our example the Computer Security System forms an overwatch function for the ECS • It would sit within a different security zone and take in inputs from multiple facility functions to be able to provide correlation for monitoring and response on attacks spanning multiple systems. • How can we enable this while protecting the function of the ECS?

  17. Sensitive Information

  18. Sensitive Information Automated State Change • Items used in granting automated access – Card ID – PIN Number – Biometric Templates • State information of electromechanical assets • CCTV Camera video feeds • Computer configuration • New EACS parameters supplied to make system changes Contextual State Change

  19. Computer Security Measures for PPS • Host integrity checking • Sub zone network segregation • Netflow - record capture and parsing • Port monitoring • Port security • Wifi rogue monitoring/suppression Contextual State Change

  20. Data Flow Model Between PPS and CSS • Sensitive information that could affect an automated state change within a facility function should not leave it’s source security zone while it is still functionally significant. • Sensitive information that could affect an automated state change within a facility function must not be generated by a system at a lower security level.

  21. Information Security Assurance

  22. Goals • Ensure the confidentiality, integrity, and availability of the automated operation of the PPS and the accuracy of information supplied to an operator to make contextual changes • Monitor the operation of the computer-based hardware components and software for indicators of compromise. • Provide independent computer security measures to ensure a defence in depth against a single computer security vulnerability. • Enable the response, remediation, and restoration of verifiable normal operation. Transitive from PPS: Deter, Detect, Delay, Respond

  23. CSS Monitoring a PPS • Monitor the computer-based components of the physical protection system and the computer security measures protecting them. • Monitor the effectiveness of zone-decoupling measures for computer security zones interacting with the PPS. • Decouple from the PPS itself - limit the information flow to prevent information important to automated operation of the PPS from being captured by the CSS. E.g. through a data diode. • Provide the potential to correlate with the monitoring of other computer security zones to monitor the overall facility computer security defence in depth posture.

  24. Conclusion

  25. Conclusion 1. A nuclear facility PPS augmented with an ECS increases defence in depth from physical attack. 2. An ECS transfers some risk from a physical compromise to an computer-based compromise, thus the need to incorporate computer security measures to maintain defence in depth. 3. A CSS monitors computer security measures. Just as the ECS monitors the physical security measures. 4. A well thought out and implemented CSS, which preserves the confidentiality of sensitive information critical to PPS automation, is required to provide continued assurances of defence in depth.

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Systematic aspects of high effective physical protection systems design for Russian nuclear

Systematic aspects of high effective physical protection systems design for Russian nuclear

International Conference Physical Protection of Nuclear Material and Nuclear Facilities (IAEA, Vienna, Austria, 13-17 November 2017 ) Systematic aspects of high effective physical protection systems design for Russian nuclear sites

554 views • 29 slides
Verifying Operational Effectiveness For Physical www.sandia.gov Protection Systems Charlie

Verifying Operational Effectiveness For Physical www.sandia.gov Protection Systems Charlie

Verifying Operational Effectiveness For Physical www.sandia.gov Protection Systems Charlie Nickerson Nuclear Cyber Programs Idaho National Laboratory Janice Leach Physical Security Analysis Sandia National Laboratories November 2017

300 views • 10 slides
Potential Weaknesses in the Cyber Systems of High-Security Physical Protection Systems John F.

Potential Weaknesses in the Cyber Systems of High-Security Physical Protection Systems John F.

Photos placed in horizontal position with even amount of white space between photos and header Potential Weaknesses in the Cyber Systems of High-Security Physical Protection Systems John F. Clem IAEA-CN-254-298 Sandia National Laboratories is

503 views • 17 slides
Physical Protection Measures for NM and NF Hosik YOO Korea Institute of Nuclear

Physical Protection Measures for NM and NF Hosik YOO Korea Institute of Nuclear

ROKs Efforts to Strengthen Physical Protection Measures for NM and NF Hosik YOO Korea Institute of Nuclear non-proliferation and Control Legal Framework APPRE (Act on Physical Protection & Radiological Emergency) Act for physical

684 views • 13 slides
Testing - A Systems Approach IAEA International Conference on Physical Protection of Nuclear

Testing - A Systems Approach IAEA International Conference on Physical Protection of Nuclear

Safeguards and Security Limited-Notice Performance Testing - A Systems Approach IAEA International Conference on Physical Protection of Nuclear Material and Nuclear Facilities 13-17 November 2017 Thomas Clay Messer Roxanne VanVeghten

691 views • 21 slides
Sanctions as a Legal Deterrence Mean in the National Physical Protection Regime (CN-254-76)

Sanctions as a Legal Deterrence Mean in the National Physical Protection Regime (CN-254-76)

International Conference on Physical Protection of Nuclear Material and Nuclear Facilities 13 17 November 2017 Sanctions as a Legal Deterrence Mean in the National Physical Protection Regime (CN-254-76) Session: Physical Protection Regime

321 views • 17 slides
Best Practices on Methodologies & Techniques to Assess the Effectiveness of Physical

Best Practices on Methodologies & Techniques to Assess the Effectiveness of Physical

Best Practices on Methodologies & Techniques to Assess the Effectiveness of Physical Protection Measures & Systems Meghann Parrilla Vulnerability Assessment Analyst v Amanda Friend Physical Security Systems Performance Testing

230 views • 11 slides
Physical Protection Systems Education at PIEAS: Current Status, lessons Learned, and , ,

Physical Protection Systems Education at PIEAS: Current Status, lessons Learned, and , ,

Physical Protection Systems Education at PIEAS: Current Status, lessons Learned, and , , Future Prospects By Dr. Tariq Majeed Dr. Inam ul Haq Pakistan institute of Engineering and Applied Sciences (PIEAS) Presented Presented at

571 views • 28 slides
METHODOLOGY FOR NUCLEAR FACILITY & PHYSICAL PROTECTION SYSTEMS Nelson K. Agbemava ICT and

METHODOLOGY FOR NUCLEAR FACILITY & PHYSICAL PROTECTION SYSTEMS Nelson K. Agbemava ICT and

NUCLEAR REGULATORY AUTHORITY, GHANA COMPUTER SECURITY DESIGN METHODOLOGY FOR NUCLEAR FACILITY & PHYSICAL PROTECTION SYSTEMS Nelson K. Agbemava ICT and Computer Security Section Head Instrumentation & ICT Department Radiological &

180 views • 14 slides
Complementarity between Nuclear Security and Physical Protection System Pr, ABDELOUAHED CHETAINE

Complementarity between Nuclear Security and Physical Protection System Pr, ABDELOUAHED CHETAINE

International Conference on Physical Protection of Nuclear Material and Nuclear Facilities IAEA Headquarters, Vienna, Austria 13 17 November 2017 Complementarity between Nuclear Security and Physical Protection System Pr, ABDELOUAHED

506 views • 31 slides
Benchmarking Security Standards and Knowledge Innovations of Physical Protection of Nuclear

Benchmarking Security Standards and Knowledge Innovations of Physical Protection of Nuclear

International Conference on Physical Protection of Nuclear Material and Nuclear Facilities, IAEA Headquarters Vienna, Austria, 13 17 November, 2017 Benchmarking Security Standards and Knowledge Innovations of Physical Protection of

420 views • 21 slides
International Conference On Physical Protection of Nuclear Material and Nuclear Facilities

International Conference On Physical Protection of Nuclear Material and Nuclear Facilities

International Conference On Physical Protection of Nuclear Material and Nuclear Facilities November 2017 IAEA-CN-254-268 Legal element for Physical protection Legal element for Physical protection regime Sudanese as case study regime Sudanese

847 views • 19 slides
Physical Protection of Byproduct Material: Proposed Rule 10 CFR Part 37 October 20, 2010

Physical Protection of Byproduct Material: Proposed Rule 10 CFR Part 37 October 20, 2010

Physical Protection of Byproduct Material: Proposed Rule 10 CFR Part 37 October 20, 2010 Debbie Bray Gilley Advisory Committee on the Medical Uses of Isotopes (ACMUI) Concerns w ith the Physical Protection Proposed Rules Impact on

374 views • 10 slides
STRENGTHENING REGULATORY REQUERMENTS FOR PHYSICAL PROTECTION IN INDONESIA BASED ON INFCIRC 225

STRENGTHENING REGULATORY REQUERMENTS FOR PHYSICAL PROTECTION IN INDONESIA BASED ON INFCIRC 225

STRENGTHENING REGULATORY REQUERMENTS FOR PHYSICAL PROTECTION IN INDONESIA BASED ON INFCIRC 225 REV.5 Presented by : Suharyanta BAPETEN International Conference on Physical Protection of Nuclear Material and Nuclear Facilities , Vienna, 13-17

579 views • 16 slides
EDUCATION AND TRAINING Dmytro Cherkashyn International Conference on Physical Protection of

EDUCATION AND TRAINING Dmytro Cherkashyn International Conference on Physical Protection of

PERSPECTIVES FOR THE USE OF 3D INTERACTIVE ENVIRONMENT IN PHYSICAL PROTECTION EDUCATION AND TRAINING Dmytro Cherkashyn International Conference on Physical Protection of Nuclear Material and Nuclear Facilities November 16, 2017 Technische

426 views • 13 slides
Cyber-Physical Systems 07/24/2019 Heechul Yun University of Kansas 1 Modern Cyber-Physical

Cyber-Physical Systems 07/24/2019 Heechul Yun University of Kansas 1 Modern Cyber-Physical

Micro-Architectural Attacks on Cyber-Physical Systems 07/24/2019 Heechul Yun University of Kansas 1 Modern Cyber-Physical Systems Cyber Physical Systems (CPS) Cyber (Computer) + Physical (Plant) Real-time Control physical

310 views • 29 slides
Know Your Traveller Enhanced Early Identification and Authentication Done Remotely

Know Your Traveller Enhanced Early Identification and Authentication Done Remotely

Know Your Traveller Enhanced Early Identification and Authentication Done Remotely Gordon Wilson, President, WorldReach Software New Pressure Points UN SECURITY COUNCIL UNANIMOUSLY ADOPTS RESOLUTION 2178 UN Condemns Violent

355 views • 18 slides
Delivery of digital initiatives Case study: Deployment of Indias Biometric Digital Identity

Delivery of digital initiatives Case study: Deployment of Indias Biometric Digital Identity

Delivery of digital initiatives Case study: Deployment of Indias Biometric Digital Identity Platform Regis Bauchiere GM Identity Solutions, Australia Post Digital identity initiatives Learning from global experiences Chile

705 views • 19 slides
RESULTS FOR THE YEAR ENDED 30 APRIL 2017 27 JUNE 2017 FINAL RESULTS SERGE CRASNIANSKI, CEO

RESULTS FOR THE YEAR ENDED 30 APRIL 2017 27 JUNE 2017 FINAL RESULTS SERGE CRASNIANSKI, CEO

RESULTS FOR THE YEAR ENDED 30 APRIL 2017 27 JUNE 2017 FINAL RESULTS SERGE CRASNIANSKI, CEO OVERVIEW Agenda Highlights & Business Overview Financial Review Innovation & Growth Strategy Conclusion FINAL RESULTS 3

658 views • 27 slides
Randeep Sudan Practice Manager for ICT June 2015 1 What is the development opportunity? Support

Randeep Sudan Practice Manager for ICT June 2015 1 What is the development opportunity? Support

Randeep Sudan Practice Manager for ICT June 2015 1 What is the development opportunity? Support the Sustainable Development Goals (target #16.9) : provide legal identity for all, including birth registration, by 2030 1.8 10 625

201 views • 9 slides
Technical training agenda Compan any Overvie view w Ke Key Featu ture res s and d

Technical training agenda Compan any Overvie view w Ke Key Featu ture res s and d

Technical training agenda Compan any Overvie view w Ke Key Featu ture res s and d Benefits its Product oduct Overvi view ew Accessorie sories ACTA3 A3 Model l and Legend Back k Pa Panel l Int nternal

632 views • 50 slides
THE EVOLVING CYBER THREAT LANDSCAPE : Ensuring the Integrity and Value of Information Sean

THE EVOLVING CYBER THREAT LANDSCAPE : Ensuring the Integrity and Value of Information Sean

THE EVOLVING CYBER THREAT LANDSCAPE : Ensuring the Integrity and Value of Information Sean Kanuck Director of Cyber, Space and Future Conflict The International Institute for Strategic Studies NATO Parliamentary Assembly Warsaw, Poland 27

694 views • 10 slides
e-SIDES Ethical and Societal Implications of Data Sciences What is e-SIDES? Horizon 2020

e-SIDES Ethical and Societal Implications of Data Sciences What is e-SIDES? Horizon 2020

e-SIDES Ethical and Societal Implications of Data Sciences What is e-SIDES? Horizon 2020 grant, running for 3 years Three partners in consortium: eLaw team Planned results 7 community events; Final conference; 7 white

443 views • 28 slides
National ID Cards National Smart Card Office (NSCO)

National ID Cards National Smart Card Office (NSCO)

National ID Cards National Smart Card Office (NSCO) www.sabteahval.ir/houshmand/ National Organization for Civil Tell: 60902701-2 Fax: 66736526 Registration(NOCR) Agenda 1. Traditional ID

370 views • 23 slides

More recommend