Outcomes from the Use of a Security Information and Event Management Tool for Operational Technology in a Computer Security Exercise

Year
2024
Author(s)
Rodney Busquim e Silva - International Atomic Energy Agency
Paul Smith - Lancaster University (LU, UK)
Gustavo Berman - Comisión Nacional de Energía Atómica (CNEA, Argentina)
Laurent Moutenot - French Nuclear Security Center of Excellence (CoE/EDF, France)
Ricardo Paulino Marques - Universidade de São Paulo
Khalil El-Khatib - Ontario Tech University (OT, Canada)
Hayden Nolan - Ontario Tech University (OT, Canada)
Abstract

This work presents the framework and the outcomes, from the participants’ perspective, of the deployment of the International Atomic Energy Agency (IAEA) Asherah Nuclear Power Plant Simulator 2.0 (ANS 2.0) virtual environment, including a proof-of-concept Security Information and Event Management (SIEM) tool, during the Regional Workshop on Conducting Computer Security Exercises for Nuclear Security (March 2024). This workshop was designed and organized by the IAEA with the support of subject matter experts, and it was hosted by the French Nuclear Security Centre of Excellence (CoE/EDF). The workshop development applied lessons learned from the IAEA’s support to the Brazilian Cyber Guardian Exercises (5 editions, from 2018 to 2023) and the Slovenia KiVA Exercise (2022). The event participants played the roles of a computer security incident response team (CSIRT) in a real-fire computer security exercise conducted using an integrated environment and featuring information technology (IT) and operational technology (OT) incidents and events. The ANS 2.0, implemented using Docker/container technology, gave the participants access to an independent virtual environment in which to better understand a realistic IT and OT cyberattack scenario following a real-time escalating adversary campaign, within a network architecture that applies the IAEA guidance on computer security. The integration of a proof-of-concept SIEM with ANS 2.0 increased the complexity of the exercise, allowing the participants to recognize the importance of automated tools in defending against an OT cyberattack, while assessing real-time data analysis. The workshop provided trainees with insights to tailor the ANS 2.0 virtual environment to their country's specific needs, organizational structures, and procedures, enabling them to design more targeted training and awareness activities for their respective Member States.
The workshop surpassed participant expectations, delivering high-quality content and showcasing the advanced capabilities of the IAEA virtual environment.