Atomenergoproekt and Kaspersky Lab have developed a comprehensive cybersecurity plan for generation 3 + nuclear power plants

2022: Creation of a comprehensive cybersecurity plan for generation 3 + nuclear power plants

Within the framework of cooperation between JSC Atomenergoproekt (part of the Engineering Division of Rosatom State Corporation) and JSC Kaspersky Lab, a methodology was created that allows taking into account the most stringent safety requirements for nuclear facilities at the earliest stages of creating a generation 3 + nuclear power plant.

The developed comprehensive cybersecurity plan covers all types of computerized systems at nuclear power plants and includes more than 140 technical documents. During its creation, specialists focused on international norms and standards, including the IAEA, IEC, ISO, as well as methodological documents of the FSTEC of Russia on threat modeling.

{{quote "Overcoming difficulties in compliance with all regulations within the framework of this project is an excellent experience for our team," said Evgeny Kaspersky, General Director of Kaspersky Lab JSC. - We plan to apply it in new projects. }}

As a partner, we chose Kaspersky Lab, since the specialists of this organization have many years of experience in protecting critical infrastructure facilities, including nuclear power plants, and good competencies in the field of detecting industrial safety threats. Together, we were able to work out at a high level the security of the future facility in the information part, taking into account the requirements of several regulators at once and conduct coordination through a long chain of project participants, "said Ruben Topchiyan, Director General of Atomenergoproekt JSC. - We hope that the achievements of Kaspersky Lab experts will make an important contribution to the information security of a typical nuclear power plant project with generation 3 + VVER-1200.

The developed set of documentation lays down principles that allow to level future cyber risks, prevent incidents and identify vulnerabilities even at the stage of NPP design. Together, specialists from Kaspersky Lab and Atomenergoproekt formed a program for ensuring the cybersecurity of nuclear power plants, described a methodology for assessing risks and created an architectural cybersecurity plan.