Conference tackles cyber security for next-generation nuclear power in a connected world

Speakers from government, regulators and the private sector are lined up to tackle the crucial issue of cyber security as the UK gears up for its next generation of nuclear stations.

By Antonia Stuart

They will address a new conference organised by Nuclear Energy Insider (NEI) following a tumultuous year dominated by the Sony Pictures Entertainment hack, and marked by new effort by governments to shore up the cyber defence of critical industries in an increasingly connected world.

The first Nuclear Knowledge Management & Cyber Security Conference, taking place 17-18 June 2015 in Cardiff, will concentrate on the twin challenge of increasing information and knowledge transparency while at the same time bolstering cyber security. Organisers say it is the first conference to make the link between the two emerging trends.

“The tech industry has been talking for 20 years about the need for cyber security, but I think everybody woke up a little when Sony was hacked last year,” said NEI industry analyst, Michael Vickery.

In November 2014 hackers released confidential data belonging to Sony Pictures Entertainment, including information about employees, e-mails between employees, and copies of unreleased films. The hackers also demanded the cancellation of the film, The Interview, a comedy about a plot to assassinate North Korean leader Kim Jong-un. Cinemas scheduled to premiere the film were threatened with violence if they went ahead.

A major diplomatic incident ensued after US intelligence officials claimed to find evidence linking the hack to North Korea – a link North Korea strenuously denied. The affair even drew in US President Barack Obama, who urged Sony to reverse its decision to cancel the film’s release.

Whether perpetrated by a state actor or private mischief-makers, the hack brought cyber security into heightened focus.

And while it was directed at a single company and resulted in the release of damaging and confidential information, governments are now worried about the security of crucial industries and infrastructure systems that are increasingly plugged into complex networks through the Internet, which, they believe has created a greater risk of cyber-sabotage.

Two months before the Sony hack, the UK government set aside £2.5m for research into boosting the cyber-security of industrial control systems that run power stations, the electricity grid, the rail network and manufacturing plants. Teams from four UK universities will work with industry to analyse the risks and help planners mitigate threats from hackers or malware infiltrating the systems that make critical infrastructure work.

According to NEI, the issue is particularly relevant for the civil nuclear industry. “The Internet didn’t exist when the first generation of nuclear power stations were built,” said NEI’s Michael Vickery. “Now, real-time data capture, information and knowledge sharing, and Internet-enabled management systems all rely on networks, and there is no going back on that if we’re to manage the nuclear estate intelligently in the future. It’s not an issue that will somehow take care of itself.”

NEI’s new conference aims to help industry leaders tackle the issue head-on. Among the top-level speakers is Robert Orr, Head of Information and Cyber Security at the Office for Nuclear Regulation. Orr will set out the regulatory expectations for the transformation of cyber security in the UK civil nuclear sector, and address current thinking on leadership, maturity and the concept of “agility” in information assurance.

The government’s view will be set out by Richard Bach, Assistant Director of Cyber Security for the Department for Business, Innovation and Skills. Bach will help attendees understand how the UK’s National Cyber Security Strategy aims to make the UK a safer place to conduct business online, and, specifically, the Cyber Essentials Scheme, which was published last year.

Peering into the dark side will be Martyn Ruks, Director at MWR Infosecurity, who will probe the cyber security threat by discussing the modern attacker, looking at evolving motivations, capabilities, and reasons to be concerned – or not. Ruks will examine what cyber security means in the context of operational technology, industrial control systems, SCADA, building management systems, and physical security systems.

To learn more about the full speaker line-up and topics to be discussed at NEI’s Nuclear Knowledge Management & Cyber Security Conference, visit: