Regulatory Perspective on Nuclear Cyber Security: The Fundamental Issues

We are living in a digital and information-driven age; hence need to retain information on virtually every aspect of our lives, nuclear information inclusive. Security in computer systems is strongly related to the notion of dependability. For such system to be reliable and secure in a nuclear facility, unauthorized logic changes must be prevented - confidentiality, field device inputs and outputs must remain immutable throughout their usable lifetime - integrity, and everything should remain in an operable state - availability. The dynamic and complex nature of cyber threats has made it a serious challenge to secure computer systems in nuclear facilities. Despite the adoption of varied cyber security services, policies, mechanisms, strategies and regulatory frameworks like confidentiality, integrity, availability, non-repudiation, encipherment, defence-in-depth, design basis threat, IAEA technical guidance documents such as: GS-R-1, GS-R-2, NSS13, NSS17, NST036, NST045, and NST047, IEEE standard 7-4.3.2-2010, NIST SP 800-53, NIST SP 800-82, NEI 08-09 and country-specific requirements such as: 10 CFR 73.54, 10 CFR 73.1, RG 5.71 (USNRC), KINS/RG-N08.22 (South Korea) respectively, the threats remain persistent. This paper is aimed at providing a regulatory perspective on nuclear cyber security, its relationship to nuclear safety and security, regulatory requirements and cyber security global best practice recommendations and strategies to prevent its occurrence. This is imperative as Nigeria prepares to join the league of countries with operational nuclear power plants and reactors by its approval and adoption of the nuclear power programme roadmap in 2007.