Quantification of Human Errors in Cyber Security in the Nuclear Sector

Abstract

"The UK's Civil Nuclear Security Strategy (Feb 2017) identifies CS and blended attacks as being a major concern and proposes that organisations in the UK Nuclear Sector and the associated supply chain should increase their understanding of CS risks and mitigate security vulnerabilities. At CyberUK 2017, the NCSC People-Centred Security Lead presented a keynote speech linked to the UK national strategy and the focus on the essential roles that personnel take in preventing these attacks. Human tasks include identifying and responding to attacks, maintaining defensive barriers, monitoring personnel, decision-making and situation awareness, and avoiding inadvertently weakening these defences.

Human errors include both unintentional errors and violations, which are conscious acts that do not conform to the prescribed methods or organisational policies and that are undertaken for non-malicious reasons (e.g. because a person does not consider them to be necessary). Both of these have been implicated in many CSBs, and so understanding the underlying human factors issues will enable assessors to identify the task features that will increase the risk of human errors. This project will develop a structured approach underpinned by research into human capabilities in terms of cognitive strengths, limitations and performance shaping factors.

The tool that will be developed will enable nuclear installations to quantify the risks for CSB prevention tasks, so that any weaknesses can be identified and the risk of human errors that compromise CS can be reduced. The tool will cover tasks to prevent hardware or software for a CS or blended attack from entering a nuclear site physically or via the internet; access control tasks; and monitoring internet traffic and, if necessary, undertaking effective preventive actions in the event of an attack.

The project will be undertaken by CRA, who are renowned experts in the field of risk management, human factors and human reliability analysis, especially in the nuclear arena. Advanced CS expertise comes from the University of Kent, which is part of the Academic Centres of Excellence in Cyber Security Research (ACE CSR) institution."

Lead Participant: Corporate Risk Associates Limited, London

Project Cost: £99,797

Grant Offer: £69,858
