Computer security at nuclear facilities
Abstract
This study examines the points that must be followed and attended to regarding the computer security of nuclear facilities; rather than seeking direct solutions, it proposes a methodology. The proposed methodology takes all of the facility's stakeholders into account and contributes to the existence of a general policy and awareness. Incidents that have occurred around the world where computer security was ignored or not taken seriously enough are discussed, and possible scenarios are given as further examples.

Nuclear facilities contain both information technology networks and industrial control system networks. Each must be examined separately. Industrial control systems are more important for the facility, and their security must be handled with greater care.

First, the possible threats must be identified. It must be determined at which stages of the computer security life cycle these threats can arise, and how. Attacker profiles must be drawn up and different countermeasures considered against them.

Organizational matters must also be addressed. The organization's management must be aware of the importance of computer security for the facility. It must define carefully the criteria for selecting the computer security officer. The organization must have a Computer Security Policy. This policy must be enforceable, achievable and auditable. It must become a culture, and everyone must be aware of their own responsibility. The policy must be implemented in the form of a plan. The plan must cover organization and responsibilities, asset management, risk, vulnerability and compliance assessment, system security design and configuration management, operational security procedures, and personnel training. Training programs must be organized and must also cover computer security awareness, continuous improvement methods or retraining metrics. The interaction of this plan with other security domains must also be considered.

There must be a graded approach to the security of computer systems. In this way, security measures proportional to the potential consequences of an attack are applied. One practical implementation of the graded approach is to divide the computer system into zones and apply graded preventive measures at the level specific to each zone. According to estimates made in 2011, the proportion of security breaches that stem from human error is between 60% and 80%. This proportion shows that serious measures must also be taken against human error. For computer security and for system continuity, it is very important that employees understand clearly the importance of their roles in the overall computer security plan, have the computer security knowledge and skills that their own responsibilities require, and understand that an effective security culture begins with them.

Working through scenarios for possible attacks in advance will be useful. A chart that can be used for this purpose has been prepared, and example scenarios have been derived from it. In conclusion, a holistic approach is proposed: taking a general view of all the assets in a nuclear facility that could be attacked, the study attempts to capture and propose the methodology of a complete protection method specific to nuclear facilities.

This thesis studies computer security at nuclear facilities; rather than giving detailed specific advice, it presents a methodology for approaching the subject.

Nuclear facilities must abide by requirements set by their national regulatory bodies, which may directly or indirectly regulate computer systems or set guidance. Nuclear facilities may have to protect against additional threats which are not commonly considered in other industries. Such threats may also be induced by the sensitive nature of the nuclear industry. Computer security requirements in nuclear facilities may differ from requirements in other concerns. Typical business operations involve only a limited range of requirements.
Nuclear facilities need to take a wider base or an entirely different set of considerations into account.

The following logical process, also described in detail in Section 5 of IAEA Nuclear Security Series No. 17, highlights how a nuclear facility can develop, implement, maintain and improve computer security:
— Follow regulatory requirements;
— Examine relevant IAEA and other international guidance;
— Ensure senior management support and adequate resources;
— Define a computer security perimeter;
— Identify the interactions between computer security and facility operation, nuclear safety and other aspects of site security;
— Create a computer security policy;
— Perform risk assessment;
— Select, design and implement protective computer security measures;
— Integrate computer security within the facility's management system;
— Especially be aware that Industrial Control Systems are vital;
— Keep auditing, reviewing and improving the system.

One of the facility management's responsibilities should be to ensure proper coordination of the various disciplines of security and integration of computer security at the appropriate level.

Management should be aware that computer technology is being increasingly used for many vital functions at nuclear facilities. This development has brought multiple benefits to operational safety and efficiency. Nonetheless, to ensure correct functionality, computer systems are required to have adequate and balanced security barriers to maximize protection against malicious acts without unnecessarily hampering system operations.

Management systems must be reviewed to ensure completeness and compliance with site security policies.
More generally, management systems are by nature dynamic and must adapt to changing conditions in the facility and in the environment; they cannot be implemented as a one-off measure but need continuous assessment and improvement.

Protection requirements should reflect the concept of multiple layers and methods of protection (structural, technical, personnel and organizational) that have to be overcome or circumvented by adversaries in order to achieve their objectives.

The primary means of preventing and mitigating the consequences of security breaches is 'defence in depth'. Defence in depth is implemented primarily through the combination of a number of consecutive and independent levels of protection that would have to fail or be defeated before a computer system compromise could occur. If one level of protection or barrier were to fail, the subsequent level or barrier would be available. When properly implemented, defence in depth ensures that no single technical, human or organizational failure could lead to computer system compromise, and that the combinations of failures that could give rise to a computer incident are of very low probability. The independent effectiveness of the different levels of defence is a necessary element of defence in depth.

Organizational issues should be considered too. A facility's senior management should initiate computer security by establishing an adequate process and support organization. Computer security touches almost all facility activities. It is therefore important to assign overarching computer security oversight to one well defined body. It is essential for the Computer Security Officer to have access to adequate interdisciplinary expertise associated with computer security, facility safety, and plant operations as well as physical and personnel security.
This may consist of a dedicated computer security team or ad hoc access to specific expertise within the organization.

Each person within an organization is responsible for carrying out the computer security plan. In this methodology, every stakeholder is taken into account so that each is aware of computer security issues. Developing a security culture, building a computer security policy, and continuously improving the program should be planned. A computer security policy sets the high level computer security goals of an organization. The policy must meet appropriate regulatory requirements. Computer security policy requirements should be factored into lower level documents, which will be used to implement and control policy. Additionally, the policy must be:
— Enforceable;
— Achievable;
— Auditable.

The computer security plan is the implementation of that policy in the form of organizational roles, responsibilities, and procedures. The plan specifies and details the means for achieving the computer security goals at the facility and is a part of the overall Site Security Plan.

The security of computer systems should be based on a graded approach, where security measures are applied proportional to the potential consequences of an attack. One practical implementation of the graded approach is to categorize computer systems into zones, where graded protective principles are applied for each zone based on the level of security requirement assigned to the zone. The assignment of computer systems to different levels and zones should be based on their relevance to safety and security. Zone borders require decoupling mechanisms for data flow in order to prevent unauthorized access and also to prevent errors from propagating from a zone with lower protection requirements to a zone with higher ones. Technical and administrative measures ensuring the decoupling of zones have to be geared to the individual demands of protective levels.
A direct connecting passage through several zones should not be allowed.

Risk assessment is also an important tool for determining the best location to allocate resources and effort in addressing vulnerabilities and the likelihood of their exploitation.

We have also described some attacks on nuclear facilities involving IT and industrial control system security, along with further scenarios that might happen. Nuclear facilities contain both information technology systems and industrial control systems. Both are important, but industrial control systems are more important for nuclear facilities and their security should be considered in more detail.

First, the threats and attacker profiles should be identified. In creating attack scenarios, one may differentiate between several possibilities. The nuclear facility may be attacked with the purpose of:
— Building up a later coordinated attack intended to sabotage the plant and/or to remove nuclear material;
— Endangering human or environmental safety;
— Launching an attack towards another site;
— Creating confusion and fear;
— Gaining monetary profit for a criminal group of people;
— Creating major market instabilities and gains for selected market players.

Depending on the objectives or aims of the attack, the attacker will try to exploit different system vulnerabilities. Such attacks can lead to:
— Unauthorized access to information (loss of confidentiality);
— Interception and change of information, software, hardware, etc. (loss of integrity);
— Blockage of data transmission lines and/or shutdown of systems (loss of availability);
— Unauthorized intrusion into data communication systems or computers (loss of reliability).

All these aspects can have major consequences and impacts on the functionality of computer systems, which may, directly or indirectly, compromise the safety and security of the facility.

Computer security at nuclear facilities should be considered in depth from each of the perspectives we have noted. In brief, we emphasize that each stakeholder should be aware of the importance of computer security, that it should become a culture, and that it should be upheld by regulations.