10 Aug 2016
The Department for Business, Energy & Industrial Strategy is the first government department to launch a five-year sector cyber security strategy. This sets expectations for industry, government, and regulators in light of increasing cyber threats and significant technological change. It specifies how risks will be addressed, by whom, when and how success is to be measured. It is transformational, and has substantial implications for the nuclear sector, particularly in the supply chain.
The Civil Nuclear Cyber Security Strategy (CNCSS) complements the existing National Cyber Strategy, and sets stretch goals in consultation with industry, to address the risks to the safe and secure operation of new civil nuclear facilities and the management of legacy and waste facilities.
Success will be demonstrated:
The desired outcome is to deliver an industry which has a mature approach to understanding the cyber threat, and is able to produce solutions which efficiently and effectively address that threat. Specific outcomes are:
The strategy highlights four distinct activities to support delivery:
Atkins recognises the imperative for the nuclear sector. Recent events illustrate the potential consequences for the UK nuclear industry: the Fukushima Daiichi nuclear disaster and the resulting closure of the German nuclear industry. Reputational damage resulted from malware found on the Gundremmingen nuclear plant in western Bavaria, which entailed a precautionary reactor shutdown. Incidents affecting individual organisations may impact the sector nationally and internationally, undermining confidence.
Work is already ongoing in a sector that keenly appreciates the need for safe and secure operation that also safeguards public confidence. The nuclear industry has traditionally focused on safety to provide resilience and security. More dynamic approaches are required to stay ahead of the continuously evolving cyber threat, the increasing nation state capability and the terrorist potential. The implementation of new operational technology could increase opportunities for malicious intent.
The strategy reinforces key themes essential to successful cyber security implementation: dealing with the increasing threat, board awareness, governance, Operational Technology (OT) and IT, and the interdependence of safety and security. Delivery will demand transformation, whilst ensuring all sector participants are fully engaged, particularly in the supply chain. This will entail closer relationships with partnering companies, contractors and suppliers to provide the proportionate cascaded risk ownership, understanding and mitigation. The supply chain will also be called upon to develop capacity and capability where there are skills shortfalls, especially in direct support of nuclear asset owners.
Nuclear facilities are required to be secure by design and in implementation. This necessitates appropriate cyber security skills and the development of industry capability to manage these activities both internally and in the supply chain. This will place a requirement upon the supply chain to demonstrate measures proportionate to the risk they own. The regulatory approach is now transitioning from compliance to risk-based assurance. Whilst there have been rapid developments in both generic and sector guidance, industry participants would welcome direction under the new regime.
The nuclear industry needs to be resilient against increasingly sophisticated attacks, requiring identification of critical assets and proportional risk mitigation. Security and safety necessitate equal emphasis to address risks, requiring IT, Operational Technology and physical security collaboration to achieve resilience. The Government is rightly looking to raise awareness across industry, ensuring executives have the information they require to develop the cyber security programmes with the necessary leadership, governance and resources to succeed. Non-executive boards will have greater means to hold boards to account.
The cyber strategy implementation is equally ambitious for all parties. It needs to be, in order to meet the continuously evolving, uninhibited threat and maintain public confidence in the nuclear industry, which is essential for our economic well-being.