The unusual and suspicious behavior of a disgruntled employee captured in a 10-second surveillance video of a hypothetical nuclear facility opened up a large-scale cybersecurity exercise in Slovenia. Following the employee footage, a series of simulated events unfold and culminate in a malware attack on the technology systems that operate the hypothetical nuclear facility.
Conducted by the Slovenian Nuclear Safety Administration (SNSA), this highly interactive exercise – includes hands-on examples and involves key nuclear stakeholders of Slovenia. Scenarios involving real-world operational technology systems with internal threats, external cyberattacks, and physical intrusions into a hypothetical nuclear facility show impacts of computer security compromises for critical operational control systems leading to a nuclear security event.
“Raising awareness of the resilience needed to secure nuclear facilities from cyberattacks is one of the goals of such exercises. Elena Buglova, Director of the IAEA’s Nuclear Security Division, said identifying any existing vulnerabilities, examining internal procedures and enhancing cooperation among stakeholders. “Interest in computer security exercises is growing and the IAEA stands ready to support the requests of countries in this area of nuclear security.”
KiVA2022 The exercise involved 70 experts representing the national nuclear sector stakeholders, including operators of nuclear facilities, government agencies such as the Office of Information Security. Government, Ministry of Home Affairs, national technical assistance organizations, as well as computer equipment suppliers.
“The organizing team and the participants were extremely close. Mr. Igor SIRC, Director of SNSA, said that the well-designed scenario gave them all their first experience of connecting safety, security and emergency readiness functions in an emergency. Cybersecurity is very complex. He added: “Our national capacity to respond to emergencies, triggered by cybersecurity events at nuclear facilities, was further enhanced following the exercise. this.
The exercise was conducted by SNSA in partnership with the IAEA and the Austrian Institute of Technology AIT, an IAEA Computer and Information Security Cooperation Center. The IAEA and AIT supplied, developed and assembled a dedicated information and operations technology infrastructure, components and systems specifically designed for the exercise. A simulation of a nuclear power plant (NPP) and fictitious facilities developed as part of the recently completed IAEA Joint Research Project (CRP) was used.