Industrial Control Systems (ICS) are used to run modern critical infrastructure, including energy stations and nuclear power plants. These objects operate at constant risk of being cyberattacked. According to the statistics from Kaspersky ICS CERT revealed at Cyber Security Weekend – META 2023, attacks were detected on 27% of ICS computers in the Middle East in 1Q 2023. To protect nuclear power plants from cyber threats, Kaspersky has developed a unique secure-by-design approach to their protection that eliminates the chance of cyberattacks affecting the infrastructure.
Kaspersky’s secure-by-design approach implies using different kinds of cybersecurity solutions at nuclear power plants, including network firewalls, data diodes, monitoring solutions, intrusion detection systems, endpoint protection, operational technology & IoT cybersecurity, cybersecurity for networks and for nodes.
A secure-by-design approach in general means that an IT-enabled system (or facility) is built from scratch in a way that protects against malicious cyber actors getting access to devices, data, and connected infrastructure. This approach is based on system inherent security. The system should remain in a secure and safe state throughout the lifetime, reducing the cost of high-quality protection.
Kaspersky has developed a complete set of documentation for implementing secure-by-design IT infrastructure at nuclear power stations. Kaspersky’s approach to risk management covers the choice of contractors, equipment, hardware, software, and takes into account new types of computer threats, as well as the existing tactics and techniques of attacks. The documentation contains the description of a nuclear power plant IT architecture, relevant recommendations, ensuring the cybersecurity and information security of nuclear power plants throughout their long life cycle.
“On our usual computer at home or at the office we use traditional ‘on top’ or ‘add on’ protection solutions. They do a good job of protecting us from attacks at this level. But when it comes to nuclear power plants, the approach to their protection should be different. Nuclear and radiological safety, plant availability, and reliable electricity supply are determined, among other factors, by cybersecurity,” comments Ekaterina Rudina, Security Analysis Group Lead at Kaspersky ICS CERT. “Nuclear power plant protection should be thoroughly planned at the early stages of plant design. Kaspersky’s approach to nuclear power plant cybersecurity is compliant with all standards and recommendations of international organizations, including the International Atomic Energy Agency (IAEA).”