Security of Information and Computer Systems
The case for security
Information is at the heart of all human operations and exchange and access to information are a core part of the work of the nuclear sector. Organizations rely more and more on information to carry out business and vital operations, but information may carry risks and the increased reliance on automated systems for processing information increases the risks further.
Information that is vital to organizations must be identified and must be protected: from unauthorized disclosure, to avoid giving an advantage to possible attackers; from unauthorized modification, to avoid disrupting vital processes; from unauthorized destruction, to avoid failure in a process when the information is needed.
Nuclear organizations deal with large amounts of information and, a large proportion of that, may be of a sensitive nature: from details of physical protection plans to systems controlling reactor operations there are many examples available. Furthermore, the modes of operations, the threats, the physical components and the relevance to national security make nuclear organizations stand out for a targeted approach to Information Security. Special attention and special protection must be afforded.
The Agency's work
The IAEA has begun to develop a set of comprehensive activities supporting Member States in their implementation of adequate Information Security programmes. Principally the Agency develops guidance
It was also becoming clear that the use of computer systems to cover an increasing range of functions at nuclear facilities would bring forth new vulnerabilities that could seriously endanger site security if not addressed in a rigorous and balanced manner. Digital systems are being introduced in safety and safety related systems, where non-availability or malfunction may seriously impact nuclear safety and where design flaws may be exploited by potential attackers. Computers are also used in the control of access to sensitive areas, where their non-availability or malfunction may facilitate sabotage, either through unauthorised access being permitted or denial of access to authorised persons. These are just some of the examples of the complex interaction computer systems have with safety and security functions in nuclear facilities.
For further information please contact