Most nuclear security systems used today were not designed for today’s threat environment. Systems that were intended to be standalone are now interconnected. Devices that have a single purpose are built on multi-purpose platforms and communication protocols that, while effective, have no ability to distinguish authorized from unauthorized commands. These attributes give an attacker who is able to compromise a single node significant ability to affect the system, pivot throughout the interconnected networks, and remain undetected.
Software defined networking (SDN) has been used for years by information technology (IT) cloud service providers to quickly provision or remove servers or other systems to meet changing demand. The same concept has recently been applied to operational technology (OT) systems to enable very fast failover on critical systems that have stringent and deterministic (
Published: March 16, 2020
Citation
Clements S.L., C.T. Smith, W.K. Nickless, and C. Nickerson. 2020. Evaluating software defined networking solutions to reduce the digital attack surface of nuclear security systems. In International Conference on Nuclear Security (ICONS 2020), February 10-14, 2020, Vienna, Austria. Vienna: IAEA. PNNL-SA-149341.