In 2016 the International Atomic Energy Agency (IAEA) launched a Coordinated Research Project (CRP) on Enhancing Computer Security Incident Analysis at Nuclear Facilities (J02008). The primary objective of this CRP was to contribute to the improvement of computer security capabilities at nuclear facilities to support the prevention and detection of, and response to, computer security incidents that have the potential to either directly or indirectly contribute to a nuclear security event which adversely affects nuclear safety, nuclear security, or Nuclear Material Accountancy and Control. The IAEA received and accepted proposals from seventeen institutes spread across thirteen countries forming one of the largest CRPs that the Division of Nuclear Security had ever undertaken.
The first primary activity undertaken as part of the CRP was the coordinated development Pressurised Water Reactor (PWR) simulation that supported the addition of hardware in the loop (HIL). The simulation allowed simulated plant processes to be replaced by control logic implemented on a PLC or further plant model simulations. Each institute participating in the development of the simulator, known as the builders, was assigned a different reactor subsystem to model through a coordinated process.
The second primary activity was the development and testing of anomaly detection techniques proposed for use within Nuclear Facilities. These activities were delivered by institutes categorized within the project as Capability Providing Organisations (CPOs). A third activity, threat profiling organisations, was designed to support both other activities with scenarios designed to enrich their research processes and outputs.
This paper will explore the process and steps undertaken to come to form a highly functional coordinated team within CRP J02008. In particular it will highlight the methodology used to designate institutes to activities, the difficulties in coordinating teams spread across the range of global time zones, processes used when vulnerability information has been discovered by an institute, and finally software tools used to enhance information exchange, progress tracking, and communications. We hope that our findings will assist future international nuclear security projects to build upon our successes and further iterate a model to coordinate the production and delivery of impactful research results in support of member states.