Internatinal Cnference n Cmputer Security in a Nuclear Wrld: Expert Discussin and Exchange IAEA Headquarters Vienna, Austria 1 5 June 2015 Ref. N.: IAEA-CN-228 Organized by the IAEA in cperatin with Internatinal Criminal Plice Organizatin INTERPOL Internatinal Telecmmunicatin Unin (ITU) United Natins Interreginal Crime and Justice Research Institute (UNICRI) Internatinal Electrtechnical Cmmissin (IEC) Annuncement and Call fr Papers
Page 2 A. Intrductin The cmputer systems and netwrks supprting nuclear facility peratins include many nn-standard infrmatin technlgy systems in terms f architecture, cnfiguratin, r perfrmance requirements. These systems can include specialized industrial cntrl systems, access cntrl systems, alarm and tracking systems, and infrmatin systems pertaining t safety and security and emergency respnse. Cmputer security is cncerned with the prtectin f digital data and defending systems and netwrks against malicius acts. The Stuxnet cmputer security incident demnstrated that nuclear facilities can be susceptible t cyberattack. This and ther events have significantly raised glbal cncerns ver ptential vulnerabilities and the pssibility f a cyberattack r a jint cyber physical attack that culd impact n nuclear security. The use f cmputers and ther digital electrnic equipment in physical prtectin systems at nuclear facilities as well as in facility safety systems, instrumentatin, infrmatin prcessing and cmmunicatin cntinues t grw and presents an ever mre likely target fr cyberattack. Cmputer security at facilities handling nuclear and ther radiactive material, as well as fr assciated activities such as transprt, represents a unique set f challenges. The Ministerial Declaratin adpted at the Internatinal Cnference n Nuclear Security: Enhancing Glbal Effrts held in Vienna, Austria, in July 2013, recgnized the Internatinal Atmic Energy Agency s (IAEA s) effrts t raise awareness f the grwing threat f cyberattacks and their ptential impact n nuclear security, and encuraged the IAEA t make further effrts t fster internatinal cperatin and t assist States, upn request, in this area thrugh the establishment f apprpriate guidance and by prviding fr its applicatin. Many Member States have already made specific requests t the IAEA Secretariat fr assistance and additinal activities. This new cnference is being rganized t fster internatinal cperatin in cmputer security as an essential element f nuclear security. B. Purpse and Objectives The purpse f the cnference is t: (a) review the internatinal cmmunity s experience and achievements t date in strengthening cmputer security within the framewrk f nuclear security; (b) enhance understanding f current appraches fr cmputer security wrldwide within nuclear regimes, and identify trends; and (c) prvide a glbal frum fr cmpetent authrities, peratrs and ther entities engaged in cmputer security activities relevant t nuclear security. The cnference will prvide a frum fr: Presentatin and discussin f nuclear security effrts t date within the area f cmputer security (including achievements, experience gained, and lessns learned). Review f emerging trends in cmputer security and areas that may still need t be addressed. Cnsideratin f pssible bjectives and pririties fr nuclear security effrts in cmputer security and hw current appraches may evlve t address these and t meet future challenges. Cnsideratin f hw the IAEA and ther internatinal rganizatins can cntribute t internatinal cperatin in this grwing area.
Page 3 The cnference will nt discuss any sensitive nuclear security infrmatin. C. List f Tpics The cnference will address the fllwing prvisinal tpics divided int nine main grups: 1. Cyberthreats in Nuclear Security Cmputer threat assessment at natinal and facility level Cmputer security cnsideratins when develping a design basis threat: the insider threat, advanced persistent threats, blended cyber physical attacks, etc. Trends in cyberattacks Cmputer security f public infrastructure assciated with nuclear facilities Threat cmmunicatin and aspects f infrmatin security 2. Cmputer Security and System Design fr Systems at Nuclear Facilities Cmputer security in the develpment f systems and sftware Design f new systems Defence in depth and graded apprach in system design The cmputer security impact f emerging technlgies Designing and integrating security fr legacy systems 3. Crdinatin fr Ensuring Cmputer Security in a Nuclear Security Regime Safety security interface cnsideratins Physical prtectin cmputer security interface cnsideratins Infrmatin technlgy and instrumentatin and cntrl (I&C) systems 4. Nuclear Security Regulatry Appraches t Infrmatin and Cmputer Security Nuclear security framewrk fr infrmatin and cmputer security (including the develpment, implementatin, assessment and sustainment f such a framewrk and relevant educatin strategy) Appraches in assessing cmputer security f licensed facilities Regulatry review f cmputer security experience sharing by the regulatr
Page 4 5. Cmputer Security Prgrammes at Licensed Facilities Plicy and cmputer security fr cmputer and ther digital electrnic equipment (infrmatin systems, mbile devices, industrial cntrl systems, etc.) Infrmatin security and scial media Sharing and prtectin f infrmatin n cmputer security issues at the internatinal, natinal, and crss-sectr level Cmputer security educatin and training prgrammes 6. Cmputer Security Management in Nuclear Security Diverse systems management (I&C, enterprise, physical prtectin, cmmunicatin, etc. systems) Defence in depth cnsideratins Implementatin f the graded apprach (znes and security levels) Asset management (identificatin f key systems and essential assets) Cnducting cmputer security assessments Cmputer security in the prcurement prcess/supply chain Practices in implementing infrmatin security Cmputer vulnerability analysis at nuclear facilities Risk management Cntingency planning and incident respnse fr cmputer security events at nuclear facilities Cnducting cmputer security exercises Ensuring a secure develpment envirnment New technlgy challenges fr cmputer security Lessns learned frm peratr experience in cmputer security implementatin Identity and access management 7. Cmputer Security Culture and Capacity Building fr Nuclear Security Building, maintaining, and prmting a culture f awareness fr cmputer and infrmatin security Prcesses fr evaluating security culture within the natinal nuclear security regime Prtecting against scial engineering
Page 5 8. Special Tpics Internatinal cperatin in infrmatin and cmputer security as a nuclear security activity Cmputer security cnsideratins fr radiactive material ut f regulatry cntrl Cmputer security cnsideratins fr nuclear and radiactive materials in transprt Integrated cmputer security testing appraches Cmputer security management during the lifecycle f nuclear and radiactive material facilities Panel discussin: The Future f Cmputer Security at Nuclear Facilities Cybercrime (cybercrime scene management at nuclear facilities, digital frensics, etc.) Data encryptin techniques fr use in nuclear facilities 9. Internatinal and Legal Cnsideratins in Relatin t Cmputer Security at Nuclear Facilities Internatinal legal framewrks Rle f the IAEA and its interactin with ther internatinal rganizatins Legal measures fr addressing cyberattacks against nuclear facilities D. Structure The cnference prgramme will cnsist f an pening plenary sessin, a general plenary sessin, technical sessins, a pster sessin, panel sessins and a clsing plenary sessin. The pening plenary sessin will include welcming addresses by representatives f the IAEA, cperating rganizatins and ther relevant rganizatins, and high level keynte presentatins. The main sessin will cntinue with a cmbinatin f invited presentatins and submitted papers addressing the main themes and tpics f the cnference. Each technical sessin will include presentatins by invited keynte speakers fllwed by presentatins that supplement specific areas within the tpical sessin and stimulate discussin amng cnference participants. The prgramme will include a panel discussin n the path frward in infrmatin and cmputer security. The cnference will als include pster sessins and sufficient time will be prvided fr discussin and interactin with clleagues. The final plenary sessin n the last day f the cnference will be dedicated t cnclusins and recmmendatins.
Page 6 E. Synpses, Papers and Prceedings All papers submitted ther than invited keynte papers must present riginal wrk and shuld nt have been published elsewhere. Persns wh wish t present a paper at the cnference either rally r in the frm f a pster must submit a synpsis f between 400 and 800 wrds n ne f the tpics listed under Sectin C. The synpsis shuld give enugh infrmatin n the cntents f the prpsed paper t enable the Prgramme Cmmittee t evaluate it. Including t many intrductry and general matters shuld be avided. The accepted synpses will be reprduced unedited in the electrnic Bk f Extended Synpses which will be distributed t all participants at the cnference. E.1. Submissin f synpses Persns wh wish t present a paper r pster at the cnference must submit a synpsis in electrnic frmat (n paper cpies) directly t the IAEA. Instructins n hw t uplad the synpsis t the cnference s web brwser-based file submissin system (IAEA-INDICO) will be available n the cnference web page (see Sectin M) as f 15 August 2014. The synpses must be submitted thrugh this system by 14 Nvember 2014. N ther frm f submissin will be accepted. In additin, authrs must submit the fllwing tw frms t their apprpriate gvernmental authrity (see Sectin F) fr transmissin t the IAEA: Participatin Frm (Frm A) Frm fr Submissin f a Paper (Frm B) Bth these frms must be received by the IAEA nt later than 14 Nvember 2014. IMPORTANT: The electrnically received synpses will be cnsidered by the Prgramme Cmmittee nly if these tw frms have been received by the IAEA thrugh the established fficial channels (see Sectin F). E.2. Acceptance f synpses Given the number f synpses anticipated and the need t prvide ample time fr discussin, the number f papers that can be accepted fr ral presentatin is limited. Authrs wh prefer t present their papers as psters are requested t indicate this preference n Frm A. Authrs will be ntified by 27 February 2015 as t whether their papers have been accepted. E.3. Submissin f full papers Only authrs f papers selected fr ral presentatin are requested t submit a full paper. Full papers must be submitted thrugh the IAEA-INDICO file submissin system. Specificatins fr the layut and electrnic frmat f the full papers will be made available n the cnference web page. The deadline fr electrnic submissin f the full papers as bth PDF and Wrd files is 2 May 2015. IMPORTANT: The system fr electrnic submissin f papers, IAEA-INDICO, is the sle mechanism fr submissin f regular papers. Authrs are encuraged t submit papers as early as pssible.
Page 7 E.4. Cnference Prceedings The prceedings cntaining summaries f the plenary and technical sessins as well as full papers presented at the cnference will be published by the IAEA as sn as pssible after the cnference. Cpies f the prceedings can be rdered, at a special discunted price, during r after the cnference. F. Participatin and Registratin All persns wishing t participate in the cnference are requested t register nline in advance thrugh the cnference web page (see Sectin M). In additin, they are required t send a cmpleted Participatin Frm (Frm A) and, if applicable, the Frm fr Submissin f a Paper (Frm B) and the Grant Applicatin Frm (Frm C) t their cmpetent natinal authrity (e.g. Ministry f Freign Affairs r Natinal Atmic Energy Authrity), r t ne f the rganizatins invited t participate, fr subsequent electrnic transmissin t the IAEA (Official.Mail@iaea.rg). A participant will be accepted nly if the Participatin Frm is transmitted thrugh the cmpetent natinal authrity f a Member State f the IAEA r by an rganizatin invited t participate. Participants whse fficial designatins have been received by the IAEA will receive further infrmatin n the cnference at least three mnths befre the pening f the cnference. This infrmatin will als be psted n the cnference web page. G. Expenditures and Grants N registratin fee is charged t participants. The IAEA is generally nt in a psitin t bear the travel and ther csts f participants in the cnference. The IAEA has, hwever, limited funds at its dispsal t help cver the cst f attendance f certain participants. Such assistance may be ffered upn specific request t nrmally ne participant per cuntry prvided that, in the IAEA s view, the participant n whse behalf assistance is requested will make an imprtant cntributin t the cnference. If gvernments wish t apply fr a grant n behalf f ne f their specialists, they shuld address specific requests t the IAEA t this effect. Gvernments shuld ensure that applicatins fr grants are: 1. Submitted by 14 Nvember 2014; 2. Accmpanied by a cmpleted and signed Grant Applicatin Frm (Frm C); and 3. Accmpanied by a cmpleted Participatin Frm (Frm A). Applicatins that d nt cmply with the abve cnditins cannt be cnsidered. Apprved grants will be issued in the frm f a lump sum payment that usually cvers nly part f the cst f attendance.
Page 8 H. Wrking Language The wrking language f the cnference will be English. All cmmunicatins and papers must be sent t the IAEA in English. I. Venue and Accmmdatin The cnference will be held at the IAEA s Headquarters in Vienna, Austria. Detailed infrmatin n accmmdatin and ther relevant matters will be sent directly t all designated participants apprximately three mnths befre the pening f the cnference. This infrmatin will als be made available n the cnference web page (see Sectin M) as sn as pssible. J. Visas Designated participants wh require a visa t enter Austria shuld submit the necessary applicatin t the nearest diplmatic r cnsular representative f Austria at least fur weeks befre they travel t Austria. Since Austria is a Schengen State, persns requiring a visa will have t apply fr a Schengen visa. In States where Austria has n diplmatic missin, visas can be btained frm the cnsular authrity f a Schengen Partner State representing Austria in the cuntry in questin. K. Key Deadlines and Dates Submissin f Abstract by 14 Nvember 2014 Submissin f Frm fr Submissin f a Paper (Frm B): by 14 Nvember 2014 (Must be submitted tgether with the Participatin Frm [Frm A]) Submissin f Grant Applicatin Frm (Frm C): by 14 Nvember 2014 (Must be submitted tgether with Frm A) Ntificatin f acceptance f abstracts by 27 February 2015 Submissin f accepted full paper (10 pages max.): by 2 May 2015
Page 9 L. Cnference Secretariat General cntact details f the Cnference Secretariat: Internatinal Atmic Energy Agency Vienna Internatinal Centre PO Bx 100 1400 VIENNA AUSTRIA Tel.: +43 1 2600 Fax: +43 1 2600 2007 Email: Official.Mail@iaea.rg Scientific Secretary: Mr Dnald Dudenheffer Nuclear Security Infrmatin Officer Infrmatin Management Sectin Divisin f Nuclear Security Department f Nuclear Safety and Security Tel.: +43 1 2600 26424 Email: cmpsec2015@iaea.rg Administratin and rganizatin: Ms Julie Zellinger Cnference Services Sectin Divisin f Cnference and Dcument Services Department f Management IAEA-CN-228 Tel.: +43 1 2600 21321 Email: J.Zellinger@iaea.rg Subsequent crrespndence n scientific matters shuld be sent t the Scientific Secretary and crrespndence n administrative matters t the IAEA s Cnference Services Sectin. M. Cnference Web Page Please visit the IAEA cnference web page regularly fr new infrmatin regarding this cnference: http://www-pub.iaea.rg/iaeameetings/46530/internatinal-cnference-n-cmputer-security-in-a- Nuclear-Wrld-Expert-Discussin-and-Exchange
Frm A IAEA-CN-228 Internatinal Atmic Energy Agency Participatin Frm Internatinal Cnference n Cmputer Security in a Nuclear Wrld: Expert Discussin and Exchange IAEA Headquarters, Vienna, Austria 1 5 June 2015 T be cmpleted by the participant and sent t the cmpetent fficial authrity (e.g. Ministry f Freign Affairs, Permanent Missin t the IAEA, r Natinal Atmic Energy Authrity) f his/her cuntry fr subsequent transmissin t the Internatinal Atmic Energy Agency (IAEA), Vienna Internatinal Centre, PO Bx 100, 1400 Vienna, Austria either electrnically by email t Official.Mail@iaea.rg r by fax t: +43 1 26007 (n hard cpies needed). Family name: Given name(s): Mr/Ms Institutin: Full address: Fr urgent cmmunicatins please indicate: Tel.: Fax: Email: Natinality: Designating Gvernment r rganizatin: Mailing address (if different frm address indicated abve): D yu intend t submit a paper? Yes N Wuld yu prefer t present yur paper as a pster? Yes N Title:
Frm B IAEA-CN-228 Internatinal Atmic Energy Agency Frm fr Submissin f a Paper Internatinal Cnference n Cmputer Security in a Nuclear Wrld: Expert Discussin and Exchange IAEA Headquarters, Vienna, Austria 1 5 June 2015 T be cmpleted by the participant and sent t the cmpetent fficial authrity (e.g. Ministry f Freign Affairs, Permanent Missin t the IAEA, r Natinal Atmic Energy Authrity) f his/her cuntry fr subsequent transmissin t the Internatinal Atmic Energy Agency (IAEA), Vienna Internatinal Centre, PO Bx 100, 1400 Vienna, Austria, either electrnically by email t: Official.Mail@iaea.rg r by fax t: +43 1 26007 (n hard cpies needed). Participants wh are members f an invited rganizatin can submit this frm t their rganizatin fr subsequent transmissin t the IAEA. Deadline fr receipt by IAEA thrugh fficial channels: 14 Nvember 2014 Title f the paper: Family name(s) and initial(s) f authr(s) 1. Scientific establishment(s) in which the wrk has been carried ut City/Cuntry 2. 3. Family name f authr wh will present the paper Mailing address: Initial(s): Mr/Ms Fr urgent cmmunicatins please indicate Email: Tel.: Fax: I hereby agree t assign t the Internatinal Atmic Energy Agency (IAEA): the cpyright r the nn-exclusive, ryalty-free licence (this ptin is nly fr thse authrs whse parent institutin des nt allw them t transfer the cpyright fr wrk carried ut in that institutin) t publish the abve-mentined paper, and certify that n ther rights have been granted which culd cnflict with the right hereby given t the IAEA. the release f electrnic presentatins t be included in PDF frmat in the prceedings and n the IAEA website (if applicable) Date: Signature f main authr:
Frm C IAEA-CN-228 Internatinal Atmic Energy Agency Grant Applicatin Frm Internatinal Cnference n Cmputer Security in a Nuclear Wrld: Expert Discussin and Exchange IAEA Headquarters, Vienna, Austria 1 5 June 2015 T be cmpleted by the applicant and sent t the cmpetent fficial authrity (e.g. Ministry f Freign Affairs, Permanent Missin t the IAEA, r Natinal Atmic Energy Authrity) f his/her cuntry fr subsequent transmissin t the Internatinal Atmic Energy Agency (IAEA), Vienna Internatinal Centre, PO Bx 100, 1400 Vienna, Austria, either electrnically by email t: Official.Mail@iaea.rg r by fax t: +43 1 26007 (n hard cpies needed). Deadline fr receipt by IAEA thrugh fficial channels: 14 Nvember 2014 Family name: Given name(s): Mr/Ms: Mailing address: Tel.: Fax: Email: Date f birth (yy/mm/dd): Natinality: 1. Educatin (pst-secndary): Name and place f institutin Field f study Diplma r Degree Years attended frm t 2. Recent emplyment recrd (Starting with yur present pst): Name and place f emplyer/ rganizatin Title f yur psitin Type f wrk Years wrked frm t 3. Descriptin f wrk perfrmed ver the last three years: 4. Institute s/member State s prgramme in field f cnference: Date: Date: Signature f applicant: Name, signature and stamp f respnsible Gvernment fficial: