Commercial Enterprises:

INTEGRITY — When Life Depends On It
Securing Nuclear Power Plants from Cyber Attack

The Nuclear Regulatory Commission (NRC) and nuclear power plant operators have been put on notice by the U.S. Congress...

"We write to you with great concern about the cybersecurity posture of our nation's nuclear power plants, and ask that you move with all deliberate speed in ensuring that nuclear plant licensees institute comprehensive cybersecurity policies and procedures on safety and non-safety systems alike."

—May 14, 2007, from a letter to Dale E. Klein, Chairman, U.S. Nuclear Regulatory Commission from Congressman Bennie G. Thompson, Chairman, Committee on Homeland Security; and, James R. Langevin, Chairman, Subcommittee on Emerging Threats, Cybersecurity, and Science and Technology.

More than 19% of electricity generation representing 787 billion kilowatt hours of electricity. 104 operating nuclear reactors in the US. 4.1 million pounds of Uranium concentrate production. An entire nuclear power industry managed by systems that are thought to have security due to an "air gap" strategy that has recently been demonstrated faulty. It's not a matter of if a cyber attack will shut down or damage a nuke. It's only a matter of when and what the damage is.

Sooner or later, cyber security strategies based on ad-hoc, reactive, inconclusive "pierce and patch" security policies will result in:

  • Executives not in compliance with Federal laws; facing fines and/or prison sentences
  • Loss of power generation capabilities, damage to high-value facilities
  • Loss of corporate value — market capitalization, revenue, earnings
  • Millions lost defending or settling class action lawsuits
  • Millions spent on restoring service or refunding money to customers
  • Bankruptcy
  • Customer health and medical emergencies, including death
  • Widespread economic upheaval
  • Widespread political and social upheaval
  • Entire communities and possibly regions of the country left uninhabitable
  • Compromised national defense

A cyber security strategy based on "pierce and patch" is—

Unfathomable. Unacceptable. Untenable. Uneconomic.
And has largely been unfixable — until now.

INTEGRITY — the most secure and reliable software system ever developed — can provide nuclear power facilities with certified unbeatable cyber asset security. The National Information Assurance Partnership (NIAP) has awarded INTEGRITY a rating of EAL6+ High Robustness. No software system has ever come close to these ratings before INTEGRITY.

With INTEGRITY, control and command applications like SCADA systems, work without the possibility of intentional, hostile, well-funded, internal or external attack. And it's been certified — not once, but multiple times.

An inadvertent shut down like the one that occurred at the Hatch Nuclear Power Plant near Baxley, GA, when a single engineer installed a software upgrade on a computer operating on the plant's business network which triggered a reset of data which was diagnosed as a lack of water in the cooling system by a computer on the control network — is impossible with INTEGRITY. INTEGRITY creates a real "air gap" by truly separating data and applications unless communication is allowed based on very stringent pre-established policies.

"I still do not get the sense that we are addressing cybersecurity with the seriousness that it deserves. I think we could search far and wide and not find a more disorganized, ineffective response to an issue of national security of this import." — Congressman James Langevin, as quoted by PC World, May 21, 2008.

INTEGRITY helps nuclear power plants meet and exceed cyber security requirements.

  • Clause 5.6(a) of IEEE Std 7-4.3.2-2003 states that "Barrier requirements shall be identified to provide adequate confidence that the non-safety functions cannot interfere with the performance of the safety functions of the software or firmware"
    • INTEGRITY keeps non-safety and safety functions separate using its Separation Kernel Protection Profile and by developing stringent policies that align security with functionality and access.
  • Clause 5.9 of IEEE Std. 7-4.3.2-2003, "Control of Access," refers to the applicable requirements in IEEE Std. 603-1998 and states, "The design shall permit the administrative control of access to safety system equipment. These administrative controls shall be supported by provisions within the safety systems, by provision in the generating station design, or by a combination thereof."
    • INTEGRITY allows administrative controls to be limited to very specific personnel and computers.

Because INTEGRITY is designed to be secure first and foremost, the waterfall design cycle required by the IEEE standard is less challenging. Security is in place right from the start. Deploying INTEGRITY then becomes a matter of defining and establishing the policies and protocols of who gets what access to which data and where as well as what systems are allowed to communicate with other systems. Never will nuclear power plants have to worry about their business networks causing problems with their control networks. Separation is the key and nothing separates better than INTEGRITY.

Certified as secure and reliable for both military and non-military use as a result of the most rigorous testing and evaluation possible, INTEGRITY offers:

  • True security
    • Open communication is possible without risk to critical assets
    • Mission critical assets and applications remain completely safe and secure
  • Cost savings
    • INTEGRITY Secure Consolidated Client (ISCC)
    • Simultaneous support of legacy and mission critical applications
  • Form flexibility
    • Protect desktop PCs, servers, Thin-Client Workstations and even PDAs
  • Open Standards
    • Supports Windows, Linux
    • Supports native POSIX-compliant applications
  • Certified security and reliability — no other operating system can offer this level of security and reliability and no other operating system has ever been certified to the levels of INTEGRITY

To learn more about how INTEGRITY Global Security can secure your nuclear facility, please call 805.882.2500 or send email.

© INTEGRITY Global Security    |    Site Map    |    Contact Us