Cyber Security Technical Seminar at OPG Suppliers Day

Less than two weeks after the global ransomware attack that affected organizations worldwide, SWI delivered a technical seminar on Cyber Security for Nuclear Power Plants at the 2017 OPG Suppliers Day event. The seminar was conducted by resident cyber security expert Bobby Fichman, who has over 27 years of experience in the Nuclear industry. Through senior leadership positions in the management of Software for Nuclear Plants, Bobby has had first-hand experience dealing with cyber security challenges.

In the seminar, Bobby outlined the drivers for digital upgrades and the increased risk that comes with introducing the technology. He also spoke of the significant advantages digital components have, particularly in instrumentation and control environments: digital components are more reliable, can accomplish more through better features, and can aid in overall data storage and analysis. Furthermore, features such as wireless capabilities make equipment easier and cheaper to install than traditional hard-wired systems. However, with these features also comes increased risk: digital systems are particularly susceptible to concurrent, synchronized attacks, and attackers no longer require a physical presence to compromise a system. Like traditional PCs, these systems could be compromised from entirely different parts of the planet and, contrary to what many people would suspect, this would not even require an internet connection.

The real-world examples that Bobby presented were particularly interesting. The 2015 attack against the Ukrainian power grid showed that socio-political and economic factors could cause state players to participate in cyber-crime. The attack was an example of a coordinated effort, causing concurrent failures in multiple systems. Similarly, Stuxnet, a malicious computer worm that targeted an Iranian uranium enrichment facility in 2010, highlighted how sophisticated and planned an attack could be, spanning several months, causing millions of dollars in damage to equipment, and taking advantage of multiple zero-day exploits (undiscovered vulnerabilities in software which hackers can exploit). The attackers used careful planning to jump an “air gap” onto critical systems that were disconnected from the Internet. The event illustrated the importance of cyber security awareness: staff made observations that, had they not been disregarded, could have caught the attack earlier and prevented further damage to their equipment.**

In response to the growing landscape of cyber-attacks, the CSA Group published standard N290.7-14 – Cyber Security for Nuclear Power Plants and Small Reactor Facilities. Bobby highlighted important requirements from the standard, to which he was a named contributor. He also shared SWI’s expertise in N290.7, which assists organizations with their overall cyber security implementation and strategy.

A major theme throughout the presentation was how awareness and training can significantly affect the outcome of a targeted cyber-attack. The theme was reinforced in the Q&A session that followed, where it was asked why cyber security considerations are important during the decommissioning of a system. The answer: a system being decommissioned may contain confidential information that can be dangerous in an attacker’s hands. In a world with hacker-for-hire groups such as Sandworm (the hacking group responsible for the Ukraine attack), just about anyone with limited knowledge and a credit card can pose a significant cyber threat.

Overall, the entire session was a useful reminder of the importance of maintaining a cyber-security mindset, both from an organizational perspective and throughout a system’s lifecycle. When users are able to think actively from an attacker’s perspective, it greatly increases their ability to protect their critical systems. SWI has the experience in cyber security and a deep knowledge of control systems to assist organizations in achieving that mindset.

** The observations included seeing the systems function normally when running their application from a CD-ROM as opposed to a USB stick. It is commonly rumored that the attackers were able to jump the “air gap” using infected USB sticks intentionally dropped near the facility’s parking lots.
