Cybersecurity incidents are stressful, complex in nature, and frequently not systematically considered in daily tasks. When correctly managed, operational readiness procedures ensure the availability of the data required to recover successfully and quickly from a security incident while lessening its adverse effects. Therefore, protective measures, such as the implementation of data diodes, play an essential role in defending I&C systems. In addition, the applicability of the newest forensic and digital evidence-related standards to the nuclear domain is being evaluated. Results of this evaluation are being considered in the 3D and 2D modeling of cybersecurity-relevant assets. The development of the new IEC 63096, a downstream standard of IEC 62645, will also support the proposed evaluation and modeling. However, IEC 63096 covers not only forensic and incident management-related security controls but also a broad range of other cybersecurity controls. This paper further explores the security degree-specific selection and overall assignment of forensic-related security controls for the nuclear domain. Results from ongoing prototype developments are used to demonstrate possible alternative selections and assignments along with their contribution to different security metrics.
