Since 18 of December 2019 conferences.iaea.org uses Nucleus credentials. Visit our help pages for information on how to Register and Sign-in using Nucleus.
10-14 February 2020
Europe/Vienna timezone

Response Framework against Cyber-attacks and Computer Security Exercises conducted by NPP Operators in Japan

Not scheduled
15m
Paper CC: Information and computer security considerations for nuclear security

Speaker

Mr Takeshi TAKIKAWA

Description

Olympic Games will be held in Tokyo in July 2020 and prior to the Olympic Games, several major international events would also be held in Japan. Against this background Government of Japan has been making big efforts to proceed with the preparation for the measures against cyber-attacks to computer based systems and networks that control critical infrastructure.
Regarding protection against cyber-attacks to nuclear facilities in Japan, the Nuclear Regulation Authority (NRA), which is the regulatory body of nuclear activities in Japan, rules regulations and inspects all the nuclear facility operators every year in order to confirm whether those operators establish and conduct protective actions for their computer based systems and networks along with the regulations. The NRA has strengthened the computer security of nuclear facilities through these efforts. In addition, it is also important to consider and develop effective response framework against cyber-attacks, and to confirm that the framework works without any problem.In this regard, this paper will present the outlines of typical response framework for nuclear facilities against cyber-attacks in Japan as well as the effectiveness of computer security exercises which nuclear facilities conduct in order to review the framework.
Concerning the response framework for nuclear facilities against cyber-attacks, the IAEA publication “Computer Security Incident Response Planning at Nuclear Facilities” proposes the concept of “Technical Authority (TA)”, which is an organization with specialized skills and resources for responding to computer security incidents. In Japan, the police organization plays the role of TA. When cyber-attacks happen at nuclear facilities, operators are responsible for securing safety of their facilities, and the police organization responds to the cyber-attacks with operators as TA. That is a characteristic point regarding the response framework in Japan.
Every Japanese local police headquarters has a cyber-crime inspection section and when nuclear facilities notify the police of being attacked by hackers, cyber-crime inspection officers immediately go to the facility with forensic devices and start inspection. In addition, the National Police Agency of Japan (NPA), which unifies local police headquarters, organized 13 cyber-attack special inspection teams and located the teams to 13 major cities in Japan in 2013. When a local police headquarters calls for cooperation to the cyber-attack special inspection team, the special inspection team is dispatched to the facility as soon as possible using helicopters if necessary.
With regard to computer security exercises, the guideline concerning nuclear facilities’ computer security, which was developed by the NRA in March 2018, recommends that operators should conduct computer security exercises regularly. It does not require to conduct complex and sophisticated exercises for the time being, although the NRA hopes operators to achieve such levels in the future. So the NRA accepts operators to conduct mere table top exercises that confirm procedures to notify the regulatory body, local police headquarters, local government, etc. of the on-site situation.
However, prior to the development of the guideline, some NPP operators proactively and voluntarily began to plan computer security exercises including the development of exercise scenarios, and conduct every year in consultation with the NRA and local police headquarters. Among those NPP operators, some have planned and conducted advanced computer security exercises, which are realistic and sophisticated enough based on the international situation surrounding computer security and emerging technologies. Cyber-crime inspection officers and cyber-attack special inspection team members also participated in those exercises as players. These efforts contribute to ensuring close communication between operators and the police organization and improve response capacity against cyber-attacks.
In this paper, the outline of response framework against cyber-attacks in Japan as well as the effectiveness of a computer security exercise which certain Japanese NPP operator conducted in the past including outline of scenario and responses to incidents will be presented.

Gender Male
State Japan

Primary author

Presentation Materials