Developing Cyber Security Operations Centers (SOCs) for Nuclear Plant Operations

Activity: Talk or presentation / Lecture; Presentation at a scientific conference / workshop

Description

A key to effective incident response and impact mitigation from a cyber-attack is the ability to rapidly identify cyber intrusion and the signs of potential cyber compromise. The longer an adversary can operate unobserved, the greater the chance that the adversary has to achieve their goals. Monitoring and assessment activities for signs of tampering and cyber compromise are an essential element of physical protection and cyber security. While in the past such activities were primarily relegated to physical guard tours and periodic log evaluation, the increasing interconnectivity between systems with digital transformation has led to the implementation of technical monitoring capabilities for previously isolated systems. Following a concept similar to a Central Alarm Station (CAS), (Computer) Security Operations Centers (SOCs) are increasingly being implemented in new nuclear facilities. The SOC concept presents an opportunity to observe computer and network activity in real time to establish norms of operation and rapidly identify possible anomalies and indicators of compromise.
The implementation of SOCs comes not only with promise, but also with costs including both infrastructure and resource requirements. This paper examines lessons learned and practical measures for implementing a SOC as part of a cyber security program at a nuclear power plant.
Period: 22 May 2024
Event title: IAEA ICONS 2024
Event type: Conference
Location: Vienna, Austria
Degree of Recognition: International

Research Field

  • Cyber Security

Keywords

  • Cyber Security
  • SOC
  • Nuclear Power Plant