Implementation of computer security at nuclear facilities in Germany

• GRS-best-practice-approach for the implementation of computer security at NPPs and some examples of its application.
• A general approach to expand the existing security management process in NPPs to computer security aspects.
• Integration of a computer security organization with a computer security officer and the implementation of a computer security concept.

In recent years, electrical and I&C components in nuclear power plants (NPPs) were replaced by software-based components. Due to the increased number of software-based systems also the threat of malevolent interferences and cyber-attacks on NPPs has increased. In order to maintain nuclear security, conventional physical protection measures and protection measures in the field of computer security1 have to be implemented. Therefore, the existing security management process of the NPPs has to be expanded to computer security aspects. In this paper, we give an overview of computer security requirements for German NPPs. Furthermore, some examples for the implementation of computer security projects based on a GRS-best-practice-approach are shown.