The Security Plan for the joint EURATOM/IAEA remote monitoring network



Similar documents
Use of electronic seals and remote data transmission to increase the efficiency of safeguards applied in a static Plutonium store

Mobile Devices: Know the RISKS. Take the STEPS. PROTECT AND SECURE Health Information.

Mobile Devices: Know the RISKS. Take the STEPS. PROTECT AND SECURE Health Information.

Cybersecurity Framework Security Policy Mapping Table

Cloud Security Trust Cisco to Protect Your Data

ISO 27002:2013 Version Change Summary

This interpretation of the revised Annex

Information security controls. Briefing for clients on Experian information security controls

I. Introduction to Privacy: Common Principles and Approaches

PCI Compliance 3.1. About Us

The BYOD of Tomorrow: BYOD 2.0. What is BYOD 1.0? What is BYOD 2.0? 3/27/2014. Cesar Picasso, MBA SOTI Inc. April 02, 2014

Privacy and Electronic Communications Regulations

PCI Assessments 3.0 What Will the Future Bring? Matt Halbleib, SecurityMetrics

BYOD: End-to-End Security

Information Security Awareness Training

Summary of the Dutch Data Protection Authority s guidelines for the Data Breach Notification Act

International Safeguards Infrastructure Development

^H 3RD EDITION ITGOVERNANCE A MANAGER'S GUIOE TO OATA SECURITY ANO DS 7799/IS ALAN CALDER STEVE WATKINS. KOGAN PAGE London and Sterling, VA

Secure Video Surveillance System (SVSS) for Unannounced Safeguards Inspections

AUDITING AND ENFORCEMENT AT THE SPANISH DPA. EXPERIENCE WITH OUTSOURCING TO COUNTRIES WITH A NON ADEQUATE LEVEL OF PROTECTION

IT Best Practices Audit TCS offers a wide range of IT Best Practices Audit content covering 15 subjects and over 2200 topics, including:

Norwegian Data Inspectorate

Symantec DLP Overview. Jonathan Jesse ITS Partners

Information security due diligence

Astaro Services AG Rheinweg 7, CH-8200 Schaffhausen. Supplementary data protection agreement. to the license agreement for license ID: between

CompTIA Security+ (Exam SY0-410)

Elements of the Russian Emergency Preparedness Program

Regulations on Information Systems Security. I. General Provisions

<Choose> Addendum Windows Azure Data Processing Agreement Amendment ID M129

WIRELESS LOCAL AREA NETWORK (WLAN) IMPLEMENTATION

Payment Card Industry (PCI) Data Security Standard. Summary of Changes from PCI DSS Version 2.0 to 3.0

INSTITUTE FOR SAFE MEDICATION PRACTICES CANADA

Brainloop Cloud Security

Unit 3 Cyber security

Data Management Policies. Sage ERP Online

Ensuring HIPAA Compliance with AcclaimVault Online Backup and Archiving Services

HIPAA Security Education. Updated May 2016

Supporting FISMA and NIST SP with Secure Managed File Transfer

Land Registry. Version /09/2009. Certificate Policy

Third Party Security Requirements Policy

PCI DSS 3.0 Changes Bill Franklin Executive IT Auditor January 23, 2014

WHITE PAPER. HIPPA Compliance and Secure Online Data Backup and Disaster Recovery

Privacy + Security + Integrity

Procedure Title: TennDent HIPAA Security Awareness and Training

Nuclear Safeguards. How far can Inspectors go?

Supporting our customers with NERC CIP compliance. James McQuiggan, CISSP

Data Loss Prevention. Keeping sensitive data out of the wrong hands*

Cyber Security Incident Handling Policy. Information Technology Services Center (ITSC) of The Hong Kong University of Science and Technology

Policies and Procedures

Newcastle University Information Security Procedures Version 3

Central Agency for Information Technology

CHIS, Inc. Privacy General Guidelines

Data Protection Act Guidance on the use of cloud computing

Audit, Business Risk and Compliance Committee charter

System Description of the Date Center System Relevant to Security and Availability (SOC 3) November 1, 2011 through April 30, 2012

ipatch System Manager - HIPAA Compliance

Security and Safeguards Considerations in Radioactive Waste Management. Canadian Nuclear Safety Commission

Intel Enhanced Data Security Assessment Form

External Supplier Control Requirements

anomaly, thus reported to our central servers.

Information Security It s Everyone s Responsibility

HIPAA: Compliance Essentials

Audit, Business Risk and Compliance Committee Charter Pact Group Holdings Ltd (Company)

GOVERNMENT OF THE REPUBLIC OF LITHUANIA

Joint Universities Computer Centre Limited ( JUCC ) Information Security Awareness Training- Session One

CSMS. Cyber Security Management System. Conformity Assessment Scheme

Seven Requirements for Successfully Implementing Information Security Policies and Standards

CTR System Report FISMA

IT Networking and Security

Act on Background Checks

International transfers of nuclear material

PRINCIPLES AND PRACTICE OF INFORMATION SECURITY

Policy. London School of Economics & Political Science. Remote Access Policy. IT Services. Jethro Perkins. Information Security Manager.

Data Security 101. Christopher M. Brubaker. A Lawyer s Guide to Ethical Issues in the Digital Age. cbrubaker@clarkhill.com

NRC INSPECTION MANUAL

UF IT Risk Assessment Standard

Information Security Policies. Version 6.1

Cyber Security :: Insights & Recommendations for Secure Operations. N-Dimension Solutions, Inc.

IAPP Privacy Certification

How to ensure control and security when moving to SaaS/cloud applications

Supporting CSIRTs in the EU Marco Thorbruegge Head of Unit Operational Security European Union Agency for Network and Information Security

Human Factors in Design and Construction Regulatory Perspective

Information Security Policy Best Practice Document

Office 365 Data Processing Agreement with Model Clauses

Metropolitan Living, LLC 151 W. Burnsville Parkway, Suite 101 Burnsville, MN Ph: (952) Fax: (651)

Payment Card Industry (PCI) Data Security Standard. Summary of Changes from PCI DSS Version 3.0 to 3.1

Transcription:

The Security Plan for the joint EURATOM/IAEA remote monitoring network Johan Stronkhorst Vienna, 23/10/2014

The roots. The EURATOM Treaty (1957) Chapter VII Safeguards executive tasks are given to the Commission for all related areas: declaration of basic technical characteristics to the EC (Art. 78) provision of accountancy declarations to EC (Art. 79, Regulation no. 302/2005) send inspectors to nuclear installations and verify declarations (Art. 81-82) initiate infringement procedures (Art. 82-83) fulfil obligations undertaken by the Euratom Community in agreements with international organizations and Third States (Art. 77 b) Security Plan 23/10/2014 2

The roots. EURATOM Safeguards Apply to all nuclear material and installations in the EU, except nuclear material and installations used for defense purposes in the Nuclear Weapon States (NWS) From a practical point of view this means that: no difference can be made by the Commission (EC) between safeguards applied in NWS and in Non-NWS (Art. 77a and 84), and at the same, safeguards is applied in a way that the EC makes sure that all agreements with third parties are complied with (the main party in this respect being the IAEA), Art. 77b The joint EURATOM / IAEA remote monitoring network is one of the results of the cooperation with the IAEA. Security Plan 23/10/2014 3

Why. Why a Security Plan? It is all about clarification.. Security Plan 23/10/2014 4

Where it's about. Tomorrow's data handling Data handling in NPP & Lux/Vienna HQ will not be changed No formal classification, but treated as sensitive information Onsite storage of data for about 6 8 months backup for VPN black out Review net separated in technical and safeguards review EURATOM & IAEA want to automate data transfer via VPN To make the data transfer much more secured To have daily feedback about proper system work - less redundancy To save inspector and operator effort for add. inspections Nothing new you would say. Security Plan 23/10/2014 5

Why the fuzz? No change, so what's the point? INTERNET

Why the fuzz?

Into details What can be found in a Security Plan? Explanations The technical details of the remote monitoring network The dataflow from the NPP to Luxembourg and Vienna Assessment of the security requirements & risks Clarify the security requirements of all connected systems & data Compare the old and new situation Give an inventory of security measures vs. threats More explanations Related procedures, like incident handling Data handling and its relation to privacy Security Plan 23/10/2014 8

Into details

Into details

Into details A risk based approach Clarify the security requirements (chapter 3) It is not only about confidentiality!!! The highest risk may be something completely different. Assess the threats and security measures (chapter 4 & 5) Is your biggest fear realistic? Every stakeholder has its own agenda.. 100% secure is as realistic as a square circle. How to make ends meet. (Chapter 6, 7, conclusion) Assess related subjects, like incident handling & privacy Implement the solution that meet the requirements. Security Plan 23/10/2014 11

Into details

Into details What if? Incident notification scheme Required incident action Stakeholder Contact Tel.no. Equipment (Power) Reset Operator (for help) Euratom (to initiate) RO, FO, TFO +352 621 901024 Cabling and Connectivity check Operator (for help) Euratom (to initiate) RO, FO, TFO +352 621 901024 Equipment replacement Operator (for help) Euratom (to initiate) RO, FO, TFO +352 621 901024 IAEA (to keep CoK) Broken seals Operator (for insp. prep.) Euratom RO, FO, TFO +352 621 901024 IAEA Damaged or missing files Operator (for insp. prep.) Euratom (to initiate) RO, FO, TFO +352 621 901024 IAEA Malware Euratom IAEA VPN Encryption Failure Euratom (replace device) RO, FO, TFO +352 621 901024 IAEA (Certificates) Operator (for insp. prep.) Camera Encryption Failure Euratom (re-key camera) RO, FO, TFO +352 621 901024 IAEA (new key set) Operator (for insp. prep.) Data leak Operator Euratom RO, FO, TFO +352 621 901024 IAEA Abbreviations: RO: EURATOM Review Officer FO: EURATOM Facility Officer TFO: EURATOM Technical Facility Officer

The context IMS QMS ICS Security Plan 23/10/2014 14

The context Documents types identified within the Directorate of NUCLEAR SAFEGUARDS Internal documents document issued within the Integrated Management System of the ENER.DDG2.E NUCLEAR SAFEGUARDS Security Plan Joint RM Network Security Plan RDT Finland Documents of external origin documents that do not originate within the Directorate, but are necessary for ensuring quality and meeting requirements. These documents are issued outside the Directorate Commission Guidelines on Security Plans Comm. Decision C(2006)3602 on Information Security Commission Implementing Rules C(2006)3602 Commission Guidelines on Asset Classification Commission standard on Cryptography and PKI Commission standard on Security Risk Management

Questions? Johan Stronkhorst Johan.stronkhorst@ext.ec.europa.eu

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information