PNNL

Abstract

Cyber threat profiling and risk mitigation is critical to any nuclear state organization and should be considered as part of any comprehensive nuclear security programme. Defining and evaluating the impact of the cyber threat to mission can be challenging. An existing national nuclear non-proliferation organization undertook an effort to incorporate computer security activities into its programme to address cyber risk. One of the primary goals of this endeavour was to develop a set of prioritised recommendations for organizational follow-through. The organization dedicated subject matter expert resources in the form of a cyber task force to support this goal. Opportunities were identified where computer security could be built into each programme including office-level strategies and tools. Of course, no new identified threat vector is easily considered and incorporated into existing programmes without impact. There are many obstacles to be overcome. Technically literate subject matter experts are difficult to find, management has comparatively less experience applying computer security into its programmes, and trying to change the culture to consider computer security risk at policy and programmatic levels takes time and management attention. As an outcome of this process, a roadmap for program integration was developed, including the establishment of a cyber support team. This paper will discuss the challenges and successes associated with establishing such a team.