Within the framework of cooperation between Atomenergoproekt JSC (part of Rosatom State Corporation Engineering Division) and Kaspersky Laboratory JSC, a unique methodology has been developed which makes it possible to take into account the strict requirements for nuclear facilities at the earliest stages of construction of generation 3+ nuclear power plants.
The elaborated comprehensive plan of cyber security embraces all the types of computerized systems at the NPP and includes over 140 technical documents. During its development, the specialists were guided by international regulations and standards, including those of IAEA, IEC, ISO as well as procedural documents of FSTEC of Russia for threat modeling.
“Overcoming of difficulties and complying with all the regulations within the framework of this project is very good experience for our team”, said Evgeny Kaspersky, General Director of Kaspersky Laboratory JSC. – We are planning to apply it in new projects”.
Mr. Ruben Topchiyan, General Director of Atomenergoproekt JSC, expressed a high opinion of this cooperation. “We have chosen Kaspersky Laboratory as our partner because the specialists of this company have a long-term experience of protection of critical infrastructural facilities, including NPPs, and excellent skills in the field of detection of threats to industrial security. Jointly, we were able to develop a protection system of the future facility as regards its cyber security considering the requirements of several regulatory authorities and get the approval of the long chain of the project participants. We hope that the developments of the experts of Kaspersky Laboratory will make a significant contribution into the information security of a typical generation 3+ NPP with VVER-1200.
The developed package of documentation lays the principles which make it possible to eliminate the future cyber risks, prevent incidents and identify vulnerable points as early as the NPP design stage. Specialists of Kaspersky Laboratory and Atomenergoproek jointly created a program of ensuring NPP cyber security, described methods of risk evaluation and established the cyber security architectural plan.
In order to ensure technical independence under the new circumstances, Rosatom is switching over to fully import-independent digital products which allow creating unified industrial solutions and strengthening the IT-independence of Russia, reducing the impact of external factors. Rosatom has been working on replacement of imported software for a number of years. The State Corporation has created over 70 own digital products, of which more than 20 have been included into the register of Russian software.