Staff from Pacific Northwest National Laboratory teamed with the International Atomic Energy Agency (IAEA), the U.S. Department of Energy's National Nuclear Security Administration (NNSA) and subject matter experts from Idaho National Laboratory and Los Alamos National Laboratory the past two years to develop and design the first ever international training course (ITC) on Protecting Computer-Based Systems in Nuclear Security Regimes.
Years of hard work culminated with the inaugural ITC, which brought together 37 participants from 13 countries for two weeks of immersive training on best practices in cybersecurity. Hosted by the Idaho National Laboratory, in Idaho Falls, ID in early October, the course is intended to be the first in a continuing series of IAEA information and computer security ITCs focusing on raising awareness of the threat of cyberattacks, and their potential impact on nuclear security.
"Everyone with responsibility for nuclear security must have a thorough understanding of the vulnerabilities of their systems -- that means knowing how to prevent and mitigate possible cyberattacks on those systems," said Raja Adnan, Director of the IAEA's Division of Nuclear Security.
Nuclear facilities use digital technologies to provide functions that support nuclear safety, security, material accountancy and control and sensitive information management. These technologies and their unique operating environment often require security controls not seen in other industries, using a risk-informed approach and employing the concept of defense in depth. With this in mind, PNNL experts worked with their counterparts to ensure that each instructional module and immersive exercise was designed to create a learning environment that replicated, to the extent possible, equipment typically found in a nuclear facility.
Because of this, the ITC offered a chance for participants to test their skills on actual state-of-the-art digital systems common in today's nuclear facilities. The course introduced participants to common administrative and security tools for identifying and evaluating potential vulnerabilities, and assisted them in identifying and responding to compromises of computer-based systems. James Byrne, a participant from EDF Energy in the United Kingdom, stated, "The hands-on lab environment, presentations, and exercises were conducted in a manner that allowed participants of varied experience to gain the full benefit of the training. It was a valuable training experience that provided me with many cybersecurity insights that will be helpful for me when I return to work." Additionally, the ITC provided an opportunity for participants to share lessons learned from implementing cybersecurity measures in their respective nuclear facilities.
NNSA's Assistant Deputy Administrator for Global Material Security, Art Atkins said, "We are pleased to be involved in developing the ITC and bring to bear the extensive technical expertise that is found in the National Laboratories." Due to its novel and interactive design, the equipment and exercises developed for this course will surely cause a ripple effect on IAEA, NNSA, and PNNL training for cybersecurity.