Over the past few years, CNL has quietly been growing its bench strength in cyber security. Building off decades of experience in mission critical industrial control systems for Nuclear Power Plants (NPPs) that segued into cyber security for these systems, in recent years our Fredericton-based team has expanded its area of influence to include other critical infrastructure. In fact, the demand for these specialized services is such that the team is already preparing to move from its current home, opened in 2017, to a new and larger secure facility that will allow the team to continue to grow and pursue classified cyber security work for nuclear and other critical infrastructure.
CNL’s growing capabilities have not gone unnoticed, and increasingly our cyber team is being called on to work in partnership with others in the sector. The US Government has a clear interest in engaging with Canada as a peer country to further advance nuclear security, and discussions revealed strong alignment between CNL and the US national laboratories. Last year, CNL signed a “Collaborative Research and Development Agreement (CRADA) with Sandia National Lab (SNL) on projects which aim to support the assessment of a nuclear operator’s ability to respond to cyber security incidents.
“The CRADA is a critical tool that allows CNL to work seamlessly with our counterparts in U.S. national laboratories. These collaborations allow for more robust and realistic exercises that ultimately benefit, in this case, Canadian nuclear utilities,” commented Bill Ulicny, Head of CNL’s Safety & Security Directorate. “They broaden our perspective on the landscape of cyber security of operational technology in nuclear facilities and other critical infrastructure, strengthen partnerships with our American counterparts, and provide an opportunity to demonstrate CNL capabilities to support preparedness and response to cybersecurity events.”
Under this CRADA, the project will develop and conduct cyber security exercises to support NPP operators and relevant staff within the facility; build understanding in how to recognize and respond to a cyber-attack; address how to conduct analysis to determine the consequences of the attack; and, identify elements to consider when developing a cyber security incident response program.
The first such exercise has just wrapped up. In March, enabled by a project under AECL’s Federal Nuclear Science & Technology (FNST) Work Plan, CNL hosted a very successful two-day hands-on cyber security incident response exercise at its National Innovation Centre for Cybersecurity in Fredericton, New Brunswick. The event included participation from AECL, Bruce Power, Canadian Nuclear Safety Commission (CNSC), Idaho National Laboratory, SNL, and the National Nuclear Security Administration (NNSA) Office of International Nuclear Security.
“One of the strengths of the FNST Work Plan is the ability to connect CNL with organizations from across the federal family with key stakeholders such as the CNSC, Canadian Security Establishment, Defence Research and Development Canada, and Public Safety. It also enables Canada to effectively participate in its bilateral and multi-lateral agreements. This exercise builds on the Memorandum of Understanding between AECL and NNSA signed last year,” adds Karen Huynh, Director, Science & Technology with AECL. “This exercise was a great opportunity for industry and government to work together to improve the cyber security posture nationally and with our partners internationally.”
While tabletop exercises are more common place, this functional, “hands-on” exercise “was really the first-of-a-kind for many if not all of the participants, as it included a cyber attack on an operating process control system and had the “players” detecting and responding to the attack using their actual plant processes and procedures in real time, in a safe environment,” explained Dave Trask, Principal Engineer, Cyber Security. “It is through exercises like this that we can evaluate assumptions made by staff about expected responses by interfacing departments, timing and duration of activities, assessment of the cognitive workload, as well as the communication challenges facing the plant staff in response to real operational events.”
CNL’s Cyber Security Research Team would like to acknowledge and thank the following organizations for their contributions, without their support and participation this event could not have been as successful: AECL, NNSA, Bruce Power, CNSC, SNL, and INL.
SIDEBAR: CNL’s National Innovation Center for Cyber Security (NICCS) was purpose built for conducting exercises, delivering training, performing architectural and supply chain assessments, and conducting evidence based research on operational technologies that make up the automation and control systems of our nuclear and critical infrastructure facilities. Key elements of the NCCIS facility include an integrated training and observation center, cyber security operations centre, main control room, an adversary command centre and area representative of the plant floor/control equipment rooms. These facilities have been built around a physical and virtual technology stack configured in a defensive cyber security architecture that represents a full end-to-end nuclear power plant from emergency shutdown systems to internet facing business enterprise systems and backed by a nuclear plant simulator with an instrumented, small-scale, process system mock-up of the steam generators.