Title :
A critical review of attack scenarios on the IAEA Technical Guidance NSS 17 Computer Security at Nuclear Facilities
Author :
Sema, Pryde Nubea ; Zavarsky, Pavol ; Ruhl, Ron
Author_Institution :
Inf. Syst. Security Manage., Concordia Univ., Edmonton, AB, Canada
Abstract :
Changed threat landscape that includes advanced persistent threats and collusion threats, together with advances in understanding recent highly sophisticated attacks on critical infrastructure systems highlight the importance of cybersecurity in nuclear facilities. This paper first reviews the examples of possible attack scenarios shown in the IAEA Technical Guidance Reference Manual on Computer Security at Nuclear Facilities, commonly referenced as IAEA NSS 17. The sample generic attack scenarios that are not specific to nuclear facilities are supplemented in this paper by a more complex attack that corresponds more closely to the post-Stuxnet era. A conventional attack tree modelling methodology is used to represent the attack scenario on industrial control systems. The modelling focusses on the vulnerabilities caused by the human component of the complex systems.
Keywords :
nuclear engineering computing; security of data; IAEA NSS 17; IAEA Technical Guidance Reference Manual on Computer Security at Nuclear Facilities; International Atomic Energy Agency; attack scenario; attack tree modelling methodology; cybersecurity; industrial control system; post-Stuxnet era; Computer security; Data models; IEC; Manuals; Microscopy; Switches; Technological innovation; Stuxnet; advanced persistent threat; attack scenario; attack tree; cybersecurity;
Conference_Titel :
Internet Security (WorldCIS), 2014 World Congress on
Conference_Location :
London
DOI :
10.1109/WorldCIS.2014.7028173
