The control room inside the Paks nuclear power plant in Hungary. Photo: Bloomberg/Contributor
Incident response
All civil nuclear facilities should consider establishing computer security incident response (CSIR) teams if such capabilities are not already in place. The existence of a CSIR team is a prerequisite for obtaining civil nuclear cyber insurance, and is also essential for organizations that choose to manage their security programmes without external insurance. A competent CSIR team is capable of answering questions about the integrity of computer systems, investigating where and when systems were or might have been hacked, and determining how to respond to such attacks.
If an organization or facility does not have a CSIR team, it should aim to expand its knowledge of what such teams do, and of how their work is distinct from preventative measures such as installing anti-virus software, managing firewalls and setting password policies. Just as first-aid training and eyewash stations are provided to reduce the impact of physical safety incidents, CSIR teams focus on remediation, rather than on merely preventative measures, when a cybersecurity incident occurs. A good guide to incident response for policymakers can be found in the FIRST.org training section.26