Many participating countries of the 2016 Nuclear Security Summit, held in Washington, D.C. the week of March 28 agreed to strengthen the cybersecurity practices of their respective nuclear facilities and work together to bolster cyber defenses.
After the close of the summit on April 1, President Obama noted during at a press conference that “as part of our work today, we agreed to keep strengthening our nuclear facilities’ defenses against cyber-attacks.”Cybersecurity for nuclear facilities was part of two “gift baskets,” which are extra initiatives or joint pledges that a subset of the summit members agreed to on a specific sub-topic.
“In the past few months alone, new gift baskets have been added on complex issues like cybersecurity and insider threats,” Dutch Prime Minister Mark Rutte said in remarks at the opening of the summit.
Ruute hosted the previous summit at The Hague in 2014 and also reviewed the progress made since that session in his remarks.
The gift basket on mitigating insider threats committed the participants to implement measures to mitigate insider risks using a risk-informed graded approach. One of the methods deemed appropriate to establish this nuclear security regime is maintaining good cyber hygiene procedures. This includes protective monitoring on cyber estate and ensuring user privileges.
The pledge also said regular security awareness training should include cyber security as part of the effort to establish insider trustworthiness programs.
The insider threat statement recorded the intent of Armenia, Australia, Belgium, Canada, Chile, Czech Republic, Finland, Georgia, Germany, Hungary, Israel, Italy, Japan, Jordan, Kazakhstan, Mexico, Morocco, the Netherlands, Nigeria, Norway, the Republic of Korea, Romania, Spain, Sweden, Thailand, the United Kingdom, the United States, and INTERPOL to establish and implement national-level measures to mitigate these threats.
A separate U.K.-sponsored gift basket focused on Cyber Security of Industrial Control and Plant Systems at Nuclear Facilities, wherein the U.S. will participate in two international workshops on the topic and work with the U.K. on a joint civil nuclear cyber exercise.
The exercise builds on the November 2015 Resilient Shield exercise held between the U.S. and U.K. financial sectors and is “designed to test government and industry response to cybersecurity threats,” the gift basket fact sheet said.
It is planned to simulate a cyber attack on nuclear power supplies to see how the U.K. and U.S. can work together if such a security event occurs, the U.K. Prime Minister’s office said in a statement announcing the gift basket introduction.
The fact sheet highlighted these efforts “complement our efforts to promote broad international affirmation of voluntary norms of responsible state behavior in peacetime.”