Exchange of best practices in cybersecurity in the nuclear sector
The event was attended by experts from the United States (Idaho National Laboratory, Oak Ridge National Laboratory), Slovenia (Krško Nuclear Power Plant – NEK, Jožef Stefan Institute - IJS, Ministry of Defence, Ministry of Public Administration, and Slovenian Nuclear Safety Administration) and Switzerland (Paul Sherrer Institute – PSI, Swiss Federal Nuclear Safety Inspectorate – ENSI, and Leibstadt Nuclear Power Plant). The aim of the event was to bring together domestic and foreign cybersecurity experts and encourage them to cooperate with each other, to make new acquaintances as well as to acquire and share their knowledge and experience.
The event was divided into a theoretical part in the form of lectures/discussions and a practical part, so-called “Hack-a-thlon”. The following topics were covered in the theoretical part:
- International standards and best practices in cybersecurity in the nuclear sector;
- Design Basis Threat (development, identification of key stakeholders, identification of threats, etc.);
- Preparation of cybersecurity exercise scenarios;
- Ensuring the cybersecurity of physical security systems; and
- Training and certification in cybersecurity.
The practical part or “Hack-a-thlon” was a set of numerous physical and cyber security barriers that participants had to overcome. Here are some examples: laptop and malware analysis, decryption, network analysis, overview of the operation of the physical protection system and cameras, social engineering, and search for clues in different locations around Ljubljana, including the Savsko naselje Library.
Such events represent an exceptional opportunity for the exchange of information and knowledge of experts in the field of cybersecurity. Therefore, Slovenian Nuclear Safety Administration will continue to advocate that such events become a permanent practice.