Publications

Abstract not provided.

Abstract not provided.

Abstract not provided.

Abstract not provided.

Abstract not provided.

Abstract not provided.

Abstract not provided.

The assurance of Safeguards Information is crucial to meet IAEA obligations. Information can be potentially at risk for alteration when it is generated, stored, transmitted, or manipulated (such as in a calculation). Where, when, and how information is assured can vary depending on where in the information lifecycle it exists. Often, information protection measures are not considered until after a system is architected and built or are only applied to a portion of the information system. This typically limits the effectiveness of information assurance, can increase the cost of assuring the information, and can reduce the trust in the information received. Designing information assurance into the architecture of a system can significantly reduce information vulnerability at an affordable cost while improving the trust of the information. This paper discusses safeguards information assurance by design and architectural approaches from a lifecycle perspective including potential tools that can be utilized to help define information assurance requirements and help validate the effectiveness of these requirements as the system transitions through the lifecycle. The tools discussed include risk management tools, architectural approaches, modeling approaches, and red teaming benefits.

Abstract not provided.

Abstract not provided.

Abstract not provided.

Abstract not provided.

Abstract not provided.

Abstract not provided.

Abstract not provided.

Abstract not provided.

Abstract not provided.

Abstract not provided.

Abstract not provided.

Abstract not provided.

Nuclear power plants and facilities have been implementing digital system upgrades into their previously analog systems for well over twenty years. New nuclear facilities’ control, security, and emergency preparedness systems are almost exclusively built on digital architectures with a high degree of communication between the various systems that are often integrated together into a central control station to aid in operation or security of the facility. As digital systems become more widespread in nuclear facility control system architectures, cyber security related issues have become a significant concern to operators, regulators, governments, and other groups. Among the many concerns related to digital systems and cyber security is the area of common cause and common mode failures. This paper introduces, defines, and discusses some sources of common cause failure from a cyber security perspective: common vector access. This refers to specific access points that an adversary can exploit through a single attack sequence that have the potential to provide relational failures through common cause on multiple components, subsystems, systems, or plants. This paper will further discuss interconnected processes where these access points may exist, the importance of limiting or controlling these pinch points, and some methods of protecting common vector access points.

Abstract not provided.

Abstract not provided.

Abstract not provided.

Abstract not provided.