International Conference on Computer Security in a Nuclear World: Expert Discussion and Exchange
Vienna, Austria
1 – 5 June 2015
Conference ID:
46530
(CN-228)
Organized by the
International Atomic Energy Agency (IAEA)
in cooperation with
International Criminal Police Organization – INTERPOL
International Telecommunication Union (ITU)
United Nations Interregional Crime and Justice Research Institute (UNICRI)
International Electrotechnical Commission (IEC)
Announcement and Call for Papers
A. Introduction
The computer systems and networks supporting nuclear facility operations include many non-standard information technology systems in terms of architecture, configuration, or performance requirements. These systems can include specialized industrial control systems, access control systems, alarm and tracking systems, and information systems pertaining to safety and security and emergency response. Computer security is concerned with the protection of digital data and defending systems and networks against malicious acts.
The Stuxnet computer security incident demonstrated that nuclear facilities can be susceptible to cyberattack. This and other events have significantly raised global concerns over potential vulnerabilities and the possibility of a cyberattack or a joint cyber–physical attack that could impact on nuclear security. The use of computers and other digital electronic equipment in physical protection systems at nuclear facilities as well as in facility safety systems, instrumentation, information processing and communication continues to grow and presents an ever more likely target for cyberattack. Computer security at facilities handling nuclear and other radioactive material, as well as for associated activities such as transport, represents a unique set of challenges.
The Ministerial Declaration adopted at the International Conference on Nuclear Security: Enhancing Global Efforts held in Vienna, Austria, in July 2013, recognized the International Atomic Energy Agency’s (IAEA’s) efforts to raise awareness of the growing threat of cyberattacks and their potential impact on nuclear security, and encouraged the IAEA to make further efforts to foster international cooperation and to assist States, upon request, in this area through the establishment of appropriate guidance and by providing for its application. Many Member States have already made specific requests to the IAEA Secretariat for assistance and additional activities.
This new conference is being organized to foster international cooperation in computer security as an essential element of nuclear security.
B. Purpose and Objectives
The purpose of the conference is to: (a) review the international community’s experience and achievements to date in strengthening computer security within the framework of nuclear security; (b) enhance understanding of current approaches for computer security worldwide within nuclear regimes, and identify trends; and (c) provide a global forum for competent authorities, operators and other entities engaged in computer security activities relevant to nuclear security. The conference will provide a forum for:
• Presentation and discussion of nuclear security efforts to date within the area of computer security (including achievements, experience gained, and lessons learned).
• Review of emerging trends in computer security and areas that may still need to be addressed.
• Consideration of possible objectives and priorities for nuclear security efforts in computer security and how current approaches may evolve to address these and to meet future challenges.
• Consideration of how the IAEA and other international organizations can contribute to international cooperation in this growing area.
The conference will not discuss any sensitive nuclear security information.
C. List of Topics
The conference will address the following provisional topics divided into nine main groups:
1. Cyberthreats in Nuclear Security
o Computer threat assessment at national and facility level
o Computer security considerations when developing a design basis threat: the insider threat, advanced persistent threats, blended cyber–physical attacks, etc.
o Trends in cyberattacks
o Computer security of public infrastructure associated with nuclear facilities
o Threat communication and aspects of information security
2. Computer Security and System Design for Systems at Nuclear Facilities
o Computer security in the development of systems and software
o Design of new systems
o Defence in depth and graded approach in system design
o The computer security impact of emerging technologies
o Designing and integrating security for legacy systems
3. Coordination for Ensuring Computer Security in a Nuclear Security Regime
o Safety–security interface considerations
o Physical protection–computer security interface considerations
o Information technology and instrumentation and control (I&C) systems
4. Nuclear Security Regulatory Approaches to Information and Computer Security
o Nuclear security framework for information and computer security (including the development, implementation, assessment and sustainment of such a framework and relevant education strategy)
o Approaches in assessing computer security of licensed facilities
o Regulatory review of computer security — experience sharing by the regulator
5. Computer Security Programmes at Licensed Facilities
o Policy and computer security for computer and other digital electronic equipment (information systems, mobile devices, industrial control systems, etc.)
o Information security and social media
o Sharing and protection of information on computer security issues at the international, national, and cross-sector level
o Computer security education and training programmes
6. Computer Security Management in Nuclear Security
o Diverse systems management (I&C, enterprise, physical protection, communication, etc. systems)
o Defence in depth considerations
o Implementation of the graded approach (zones and security levels)
o Asset management (identification of key systems and essential assets)
o Conducting computer security assessments
o Computer security in the procurement process/supply chain
o Practices in implementing information security
o Computer vulnerability analysis at nuclear facilities
o Risk management
o Contingency planning and incident response for computer security events at nuclear facilities
o Conducting computer security exercises
o Ensuring a secure development environment
o New technology challenges for computer security
o Lessons learned from operator experience in computer security implementation
o Identity and access management
7. Computer Security Culture and Capacity Building for Nuclear Security
o Building, maintaining, and promoting a culture of awareness for computer and information security
o Processes for evaluating security culture within the national nuclear security regime
o Protecting against social engineering
8. Special Topics
o International cooperation in information and computer security as a nuclear security activity
o Computer security considerations for radioactive material out of regulatory control
o Computer security considerations for nuclear and radioactive materials in transport
o Integrated computer security testing approaches
o Computer security management during the lifecycle of nuclear and radioactive material facilities
o Panel discussion: “The Future of Computer Security at Nuclear Facilities”
o Cybercrime (cybercrime scene management at nuclear facilities, digital forensics, etc.)
o Data encryption techniques for use in nuclear facilities
9. International and Legal Considerations in Relation to Computer Security at Nuclear Facilities
o International legal frameworks
o Role of the IAEA and its interaction with other international organizations
o Legal measures for addressing cyberattacks against nuclear facilities
D. Structure
The conference programme will consist of an opening plenary session, a general plenary session, technical sessions, a poster session, panel sessions and a closing plenary session.
The opening plenary session will include welcoming addresses by representatives of the IAEA, cooperating organizations and other relevant organizations, and high level keynote presentations. The main session will continue with a combination of invited presentations and submitted papers addressing the main themes and topics of the conference.
Each technical session will include presentations by invited keynote speakers followed by presentations that supplement specific areas within the topical session and stimulate discussion among conference participants. The programme will include a panel discussion on the path forward in information and computer security.
The conference will also include poster sessions and sufficient time will be provided for discussion and interaction with colleagues. The final plenary session on the last day of the conference will be dedicated to conclusions and recommendations.
E. Synopses, Papers and Proceedings
All papers submitted — other than invited keynote papers — must present original work and should not have been published elsewhere.
Persons who wish to present a paper at the conference — either orally or in the form of a poster — must submit a synopsis of between 400 and 800 words on one of the topics listed under Section C. The synopsis should give enough information on the contents of the proposed paper to enable the Programme Committee to evaluate it. Including too many introductory and general matters should be avoided. The accepted synopses will be reproduced unedited in the electronic Book of Extended Synopses which will be distributed to all participants at the conference.
E.1. Submission of synopses
Persons who wish to present a paper or poster at the conference must submit a synopsis in electronic format (no paper copies) directly to the IAEA. Instructions on how to upload the synopsis to the conference’s web browser-based file submission system (IAEA-INDICO) will be available on the conference web page (see Section M) as of 15 August 2014. The synopses must be submitted through this system by 14 November 2014. No other form of submission will be accepted.
In addition, authors must submit the following two forms to their appropriate governmental authority (see Section F) for transmission to the IAEA:
Participation Form (Form A)
Form for Submission of a Paper (Form B)
Both these forms must be received by the IAEA not later than 14 November 2014.
IMPORTANT: The electronically received synopses will be considered by the Programme Committee only if these two forms have been received by the IAEA through the established official channels (see Section F).
E.2. Acceptance of synopses
Given the number of synopses anticipated and the need to provide ample time for discussion, the number of papers that can be accepted for oral presentation is limited. Authors who prefer to present their papers as posters are requested to indicate this preference on Form A.
Authors will be notified by 27 February 2015 as to whether their papers have been accepted.
E.3. Submission of full papers
Only authors of papers selected for oral presentation are requested to submit a full paper. Full papers must be submitted through the IAEA-INDICO file submission system. Specifications for the layout and electronic format of the full papers will be made available on the conference web page. The deadline for electronic submission of the full papers as both PDF and Word files is 2 May 2015.
IMPORTANT: The system for electronic submission of papers, IAEA-INDICO, is the sole mechanism for submission of regular papers. Authors are encouraged to submit papers as early as possible.
E.4. Conference Proceedings
The proceedings containing summaries of the plenary and technical sessions as well as full papers presented at the conference will be published by the IAEA as soon as possible after the conference. Copies of the proceedings can be ordered, at a special discounted price, during or after the conference.
F. Participation and Registration
All persons wishing to participate in the conference are requested to register online in advance through the conference web page (see Section M). In addition, they are required to send a completed Participation Form (Form A) and, if applicable, the Form for Submission of a Paper (Form B) and the Grant Application Form (Form C) to their competent national authority (e.g. Ministry of Foreign Affairs or National Atomic Energy Authority), or to one of the organizations invited to participate, for subsequent electronic transmission to the IAEA (Official.Mail@iaea.org).
A participant will be accepted only if the Participation Form is transmitted through the competent national authority of a Member State of the IAEA or by an organization invited to participate.
Participants whose official designations have been received by the IAEA will receive further information on the conference at least three months before the opening of the conference. This information will also be posted on the conference web page.
G. Expenditures and Grants
No registration fee is charged to participants.
The IAEA is generally not in a position to bear the travel and other costs of participants in the conference. The IAEA has, however, limited funds at its disposal to help cover the cost of attendance of certain participants. Such assistance may be offered upon specific request to normally one participant per country provided that, in the IAEA’s view, the participant on whose behalf assistance is requested will make an important contribution to the conference.
If governments wish to apply for a grant on behalf of one of their specialists, they should address specific requests to the IAEA to this effect. Governments should ensure that applications for grants are:
1. Submitted by 14 November 2014;
2. Accompanied by a completed and signed Grant Application Form (Form C); and
3. Accompanied by a completed Participation Form (Form A).
Applications that do not comply with the above conditions cannot be considered.
Approved grants will be issued in the form of a lump sum payment that usually covers only part of the cost of attendance.
H. Working Language
The working language of the conference will be English. All communications and papers must be sent to the IAEA in English.
I. Venue and Accommodation
The conference will be held at the IAEA’s Headquarters in Vienna, Austria. Detailed information on accommodation and other relevant matters will be sent directly to all designated participants approximately three months before the opening of the conference. This information will also be made available on the conference web page (see Section M) as soon as possible.
J. Visas
Designated participants who require a visa to enter Austria should submit the necessary application to the nearest diplomatic or consular representative of Austria at least four weeks before they travel to Austria. Since Austria is a Schengen State, persons requiring a visa will have to apply for a Schengen visa. In States where Austria has no diplomatic mission, visas can be obtained from the consular authority of a Schengen Partner State representing Austria in the country in question.
K. Key Deadlines and Dates
Submission of Abstract by 30 January 2015
Submission of Form for Submission of a Paper (Form B): by 30 January 2015
(Must be submitted together with the Participation Form [Form A])
Submission of Grant Application Form (Form C): by 30 January 2015
(Must be submitted together with Form A)
Notification of acceptance of abstracts by 27 February 2015
Submission of accepted full paper (10 pages max.): by 2 May 2015
L. Conference Secretariat
General contact details of the Conference Secretariat:
International Atomic Energy Agency
Vienna International Centre
PO Box 100
1400 VIENNA
AUSTRIA
Tel.: +43 1 2600
Fax: +43 1 2600 2007
Email: Official.Mail@iaea.org
Scientific Secretary:
Mr Donald Dudenhoeffer
Nuclear Security Information Officer
Information Management Section
Division of Nuclear Security
Department of Nuclear Safety and Security
Tel.: +43 1 2600 26424
Email: compsec2015@iaea.org
Administration and organization:
Ms Julie Zellinger
Conference Services Section
Division of Conference and Document Services
Department of Management
IAEA-CN-228
Tel.: +43 1 2600 21321
Email: J.Zellinger@iaea.org
Subsequent correspondence on scientific matters should be sent to the Scientific Secretary and correspondence on administrative matters to the IAEA’s Conference Services Section.
M. Conference Web Page
Please visit the IAEA conference web page regularly for new information regarding this conference:
http://www-pub.iaea.org/iaeameetings/46530/International-Conference-on-Computer-Security-in-a-Nuclear-World-Expert-Discussion-and-Exchange
|