doktorska disertacija
Samo Tomažič (Author), Igor Bernik (Mentor)

Abstract

Raziskovanje področja izrednih dogodkov v jedrski varnosti je specifično. Svetovna zgodovina ponuja izredno malo število primerov jedrskih in radioloških nesreč, ki so privedle do resnih posledic škodljivega vpliva ionizirajočega sevanja na ljudi in okolje, kar kaže na posebno specifiko. Na področju jedrskega varovanja in kibernetske varnosti v jedrskih objektih je primerov še manj, obenem pa nihče ne želi ali ne sme deliti informacij o tovrstnih dogodkih. V doktorski disertaciji je celovito predstavljena problematika kibernetske varnosti in odziva na kibernetske napade v jedrskih objektih oziroma v jedrskem sektorju na splošno. Izvedena raziskava je prva tovrstna v Sloveniji in ena izmed redkih v svetu. Z metodo deskripcije smo pregledali članke, diplomske naloge, magistrske naloge, doktorske disertacije, strokovne spletne strani, knjige, znanstvene revije in najrazličnejše standarde, priporočila in navodila ter izvedli popis javno dostopnih virov, kot so državne zakonodaje, nacionalna poročila držav članic, predpise, smernice, dobre prakse, dokumente upravljavcev jedrskih objektov in upravnih organov ter poročila mednarodnih organizacij. Na podlagi omenjenega pregleda smo oblikovali teoretična izhodišča. Stanje smo nato natančno analizirali z vodenimi strukturiranimi intervjuji z mednarodnimi strokovnjaki, zaposlenimi v jedrskih objektih, pri upravnih organih, tehnično podpornih organizacijah, z dobavitelji računalniške opreme ter pri drugih, ki so zadolženi za kibernetsko varnost v jedrskem sektorju. Podatke smo nato obdelali z osnovano teorijo. Zbrani podatki predstavljajo izhodišče za pripravo modela odziva na kibernetske napade v jedrskih objektih, ki smo ga z metodo modeliranja izgradili, verificirali in validirali. Na podlagi virov in mnenj stroke smo prišli do ugotovitev o problematiki, med katerimi najbolj izstopajo težave upravljavcev jedrskih objektov pri implementaciji ustreznih zaščitnih ukrepov na podlagi predpisov upravnih organov ter uporabi primernih smernic. Upravljavci jedrskih objektov so pri upravljanju kibernetske varnosti prepuščeni sami sebi, še posebej zaradi pomanjkanja izmenjave informacij v celotnem jedrskem sektorju doma in v tujini. Na podlagi znanja in razumevanja smo izdelali model odziva na kibernetske napade v jedrskih objektih, ki je namenjen vsem deležnikom v jedrskem sektorju pri organiziranju svojih in skupnih aktivnosti v povezavi z odzivom na kibernetske napade. Model sestavljajo štiri dimenzije; deležniki, komunikacija, stopnjevanje in faze odziva. Izdelan model so dodatno validirali tudi ključni deležniki. Z izdelanim modelom smo v sodelovanju z Upravo Republike Slovenije za jedrsko varnost in vsemi ključnimi deležniki organizirali prvo državno vajo s področja odziva na kibernetske napade v jedrskem sektorju. Med vajo smo se osredotočili le na dimenziji deležnikov in komunikacije med njimi, tako zaradi kompleksnosti modela kot zaradi prepoznanih največ pomanjkljivosti ravno na tem področju. Model je dovolj splošen, da se ga lahko s prilagoditvami implementira tudi v druge sektorje kritične infrastrukture. Rezultati doktorske disertacije so na voljo širši javnosti in prinašajo pomemben prispevek k nacionalni in mednarodni varnosti na področju kritične infrastrukture. Na znanstvenem področju pa prinašajo inovativen in celovit model za obravnavanje kibernetskih napadov na kritično infrastrukturo, s poudarkom na zagotavljanju učinkovitega jedrskega varovanja in jedrske varnosti.

Keywords

kibernetska varnost;jedrsko varovanje;kritična infrastruktura;kibernetski napad;odziv;doktorske disertacije;

Data

Language: Slovenian
Year of publishing:
Typology: 2.08 - Doctoral Dissertation
Organization: UM FVV - Faculty of Criminal Justice
Publisher: [S. Tomažič]
UDC: 004.056:621.039(043.3)
COBISS: 3685866 Link will open in a new window
Views: 1154
Downloads: 176
Average score: 0 (0 votes)
Metadata: JSON JSON-RDF JSON-LD TURTLE N-TRIPLES XML RDFA MICRODATA DC-XML DC-RDF RDF

Other data

Secondary language: English
Secondary title: Response model to cyber attacks at nuclear facilities
Secondary abstract: Nuclear safety research is a very specific domain. History offers us just a small number of events that had serious radiological consequences for people and the environment. In the field of nuclear security, and with focus on cyber security in the nuclear sector, the number of serious events is even smaller. Even in the case of such events, not everybody wants to share this information. In our doctoral dissertation we presented a comprehensive view on cyber security and cyber security incident response planning at nuclear facilities, and nuclear sector in general. We conducted research on this topic, which was the first one of this kind in Slovenia, and one of only a few such studies in the world. Using the method of description, we have analyzed articles, bachelor diplomas, master diplomas, doctoral dissertations, professional web pages, scientific magazines, many different standards, recommendations, guides; and other publicly available sources like national legislations, member state reports, regulations, guides, good practices, nuclear facility operator and competent authority procedures, and reports of international organizations. Based on the analysis of all these sources, the theoretical starting point was constructed. We then further analyzed the state of cyber security in nuclear sector with guided structured interviews, involving international experts from nuclear facilities, competent authorities, technical support organizations, computer equipment suppliers, and other stakeholders involved in cyber security activities in nuclear sector. Data were processed with the grounded theory. All the data gathered represented a starting point for the development of a response model to cyber-attacks at nuclear facilities, which we developed, verified and validated with the modelling method. Based on the sources and expert opinions, we came to the conclusion about the topic, and identified the problems that stand out the most. One example lies with the nuclear facility operators and their implementation of appropriate measures, based on regulatory guides, issued or pointed out by the competent authorities. Nuclear facility operators are also left to implement computer security to themselves, especially because there is a lack of information exchange within the entire nuclear sector on both a domestic and international level. Based on knowledge gained, and our understanding of the situation, we built a response model to cyber-attacks at nuclear facilities, which is intended for use by all stakeholders in the nuclear sector, for organizing internal and joint activities in preparation for a cyber-attack. The model consists of four dimensions; stakeholders, communication, escalation and phases. The model was additionally validated by all key stakeholders. With assistance from the Slovenian Nuclear Safety Administration and key stakeholders, we tested the model during the first exercise on cyber-attack at nuclear facility in nuclear sector ever held in Slovenia. During the exercise we focused only on two dimensions; stakeholders and communication between them. The first reason for this approach was that it is a quite complex model, and the second reason was the current lack of communication in the entire nuclear sector. The model is general enough to be implemented in other sectors of critical infrastructure, with minimal modification. Results of the doctoral dissertation are available to the public and bring an important contribution for a national and international security of critical infrastructure. From a scientific perspective, they bring innovative and comprehensive model for cyber-attack response planning in entire critical infrastructure sector, with a focus on assuring effective nuclear security and nuclear safety.
Secondary keywords: Jedrski objekti;Disertacije;Varnost;Kibernetika;
URN: URN:SI:UM:
Type (COBISS): Doctoral dissertation
Thesis comment: Univ. v Mariboru, Fak. za varnostne vede, Ljubljana
Pages: XIV, 175 str.
ID: 11102481