Home > Research > Publications & Outputs > Building Capability for Computer Security Assur...

Electronic data

  • ICONS2024_611

    Accepted author manuscript, 799 KB, PDF document

    Available under license: CC BY: Creative Commons Attribution 4.0 International License

View graph of relations

Building Capability for Computer Security Assurance Activities Through International Cooperation

Research output: Contribution to conference - Without ISBN/ISSN Conference paperpeer-review

Published

Standard

Building Capability for Computer Security Assurance Activities Through International Cooperation. / Moutenot, Laurent; Berman, Gustavo; Paulino Marques, Ricardo et al.
2024. Paper presented at International Conference on Nuclear Security: Shaping the Future , Vienna, Austria.

Research output: Contribution to conference - Without ISBN/ISSN Conference paperpeer-review

Harvard

Moutenot, L, Berman, G, Paulino Marques, R, Smith, P & Busquim e Silva, R 2024, 'Building Capability for Computer Security Assurance Activities Through International Cooperation', Paper presented at International Conference on Nuclear Security: Shaping the Future , Vienna, Austria, 20/05/24 - 24/05/24.

APA

Moutenot, L., Berman, G., Paulino Marques, R., Smith, P., & Busquim e Silva, R. (2024). Building Capability for Computer Security Assurance Activities Through International Cooperation. Paper presented at International Conference on Nuclear Security: Shaping the Future , Vienna, Austria.

Vancouver

Moutenot L, Berman G, Paulino Marques R, Smith P, Busquim e Silva R. Building Capability for Computer Security Assurance Activities Through International Cooperation. 2024. Paper presented at International Conference on Nuclear Security: Shaping the Future , Vienna, Austria.

Author

Moutenot, Laurent ; Berman, Gustavo ; Paulino Marques, Ricardo et al. / Building Capability for Computer Security Assurance Activities Through International Cooperation. Paper presented at International Conference on Nuclear Security: Shaping the Future , Vienna, Austria.

Bibtex

@conference{f2762bffde184f658b103a1f943067e4,
title = "Building Capability for Computer Security Assurance Activities Through International Cooperation",
abstract = "This work presents the framework and the outcomes of a pilot Workshop on Conducting Computer Security Exercises for Nuclear Security hosted by the French Nuclear Security Centre of Excellence, designed and organized by the International Atomic Energy Agency (IAEA) and subject matter experts from different IAEA Member States, and delivered for the European countries. Computer security exercises are assurance activities that improve cyber security response preparedness for countries, operators and organizations. This workshop employed the IAEA fictitious State of Anshar with a realistic scenario-based storyline, using a sophisticated specifically designed simulation environment capable of simulating real-time operational technology (OT) and information technology (IT) cyber-attacks, to train participants with methodologies to prepare, conduct and evaluate computer security exercises. The design of this event considered the IAEA computer security guidance applied for the State of Anshar facilities (Asherah Nuclear Power Plant, Shapash Nuclear Research Institute and Gula Regional Hospital), including simulators of: representative IT/OT systems of nuclear power plant; a heating, ventilation and air conditioning systems; physical protection systems; and a radiotherapy clinic in a simulation environment developed based on the lessons learned from the IAEA{\textquoteright}s support to the Brazilian Cyber Guardian Exercises (5 editions, from 2018 to 2023) and the Slovenia KiVA Exercise (2022). The participants were exposed to a well-organized real-time escalating campaign by a threat group aiming at different targets within the State of Anshar. They were called to play collectively as members of incident response teams and in this process, improve their capability to design and deploy similar events. The event provided information for the participants to adapt the IAEA simulation environment to their national context, organization and procedures, in order to develop future training or awareness activities more relevant to their Member States. This pilot workshop exceeded the expectations of the trainees in terms of quality of its content and sophistication of IAEA simulation environment. In addition, it increased the international cooperation and sharing of information on how to detect, response and protect against cyber-attacks. ",
author = "Laurent Moutenot and Gustavo Berman and {Paulino Marques}, Ricardo and Paul Smith and {Busquim e Silva}, Rodney",
year = "2024",
month = may,
day = "22",
language = "English",
note = "International Conference on Nuclear Security: Shaping the Future , ICONS ; Conference date: 20-05-2024 Through 24-05-2024",
url = "https://www.iaea.org/events/icons2024",

}

RIS

TY - CONF

T1 - Building Capability for Computer Security Assurance Activities Through International Cooperation

AU - Moutenot, Laurent

AU - Berman, Gustavo

AU - Paulino Marques, Ricardo

AU - Smith, Paul

AU - Busquim e Silva, Rodney

PY - 2024/5/22

Y1 - 2024/5/22

N2 - This work presents the framework and the outcomes of a pilot Workshop on Conducting Computer Security Exercises for Nuclear Security hosted by the French Nuclear Security Centre of Excellence, designed and organized by the International Atomic Energy Agency (IAEA) and subject matter experts from different IAEA Member States, and delivered for the European countries. Computer security exercises are assurance activities that improve cyber security response preparedness for countries, operators and organizations. This workshop employed the IAEA fictitious State of Anshar with a realistic scenario-based storyline, using a sophisticated specifically designed simulation environment capable of simulating real-time operational technology (OT) and information technology (IT) cyber-attacks, to train participants with methodologies to prepare, conduct and evaluate computer security exercises. The design of this event considered the IAEA computer security guidance applied for the State of Anshar facilities (Asherah Nuclear Power Plant, Shapash Nuclear Research Institute and Gula Regional Hospital), including simulators of: representative IT/OT systems of nuclear power plant; a heating, ventilation and air conditioning systems; physical protection systems; and a radiotherapy clinic in a simulation environment developed based on the lessons learned from the IAEA’s support to the Brazilian Cyber Guardian Exercises (5 editions, from 2018 to 2023) and the Slovenia KiVA Exercise (2022). The participants were exposed to a well-organized real-time escalating campaign by a threat group aiming at different targets within the State of Anshar. They were called to play collectively as members of incident response teams and in this process, improve their capability to design and deploy similar events. The event provided information for the participants to adapt the IAEA simulation environment to their national context, organization and procedures, in order to develop future training or awareness activities more relevant to their Member States. This pilot workshop exceeded the expectations of the trainees in terms of quality of its content and sophistication of IAEA simulation environment. In addition, it increased the international cooperation and sharing of information on how to detect, response and protect against cyber-attacks.

AB - This work presents the framework and the outcomes of a pilot Workshop on Conducting Computer Security Exercises for Nuclear Security hosted by the French Nuclear Security Centre of Excellence, designed and organized by the International Atomic Energy Agency (IAEA) and subject matter experts from different IAEA Member States, and delivered for the European countries. Computer security exercises are assurance activities that improve cyber security response preparedness for countries, operators and organizations. This workshop employed the IAEA fictitious State of Anshar with a realistic scenario-based storyline, using a sophisticated specifically designed simulation environment capable of simulating real-time operational technology (OT) and information technology (IT) cyber-attacks, to train participants with methodologies to prepare, conduct and evaluate computer security exercises. The design of this event considered the IAEA computer security guidance applied for the State of Anshar facilities (Asherah Nuclear Power Plant, Shapash Nuclear Research Institute and Gula Regional Hospital), including simulators of: representative IT/OT systems of nuclear power plant; a heating, ventilation and air conditioning systems; physical protection systems; and a radiotherapy clinic in a simulation environment developed based on the lessons learned from the IAEA’s support to the Brazilian Cyber Guardian Exercises (5 editions, from 2018 to 2023) and the Slovenia KiVA Exercise (2022). The participants were exposed to a well-organized real-time escalating campaign by a threat group aiming at different targets within the State of Anshar. They were called to play collectively as members of incident response teams and in this process, improve their capability to design and deploy similar events. The event provided information for the participants to adapt the IAEA simulation environment to their national context, organization and procedures, in order to develop future training or awareness activities more relevant to their Member States. This pilot workshop exceeded the expectations of the trainees in terms of quality of its content and sophistication of IAEA simulation environment. In addition, it increased the international cooperation and sharing of information on how to detect, response and protect against cyber-attacks.

M3 - Conference paper

T2 - International Conference on Nuclear Security: Shaping the Future

Y2 - 20 May 2024 through 24 May 2024

ER -