What’s in the Standard
This new standard N290.7-14 “Cyber security for nuclear power plants and small reactor facilities”, requires the use of unidirectional gateways to protect the most safety critical CEAs (Cyber Essential Assets). Its objective, “to secure essential computer systems and components against cyber-attacks”, will require the implementation of unidirectional technology to all routable communication paths on the perimeter of CEAs of highest safety significance.
Relationship to Unidirectional Gateways
The standard breaks down categories of CEAs by security significance in accordance with the most important safety or security function a CEA performs. It takes a preventative posture by allowing only one way to secure the most important CEA’s from less-important networks of CEAs: hardware-enforced unidirectional gateways. The language contained in the regulation makes it clear that for the most important CEAs; insecure, unauthorized connections, unauthorized information flows, and remote deactivation and activation of services must prevented.
Generally speaking, nuclear sites face unique risks. However, when it comes to protecting control networks and critical infrastructure from cyber attacks, nuclear is no different from other industrial networks – nuclear is just leading the charge. In 2010, the Nuclear Regulatory Commission (NRC) in the US, effectively forbade the use of firewalls to protect nuclear generator control networks from a less-trusted network. As a result, all American nuclear generators deployed unidirectional gateway technology. With Canada following the US regulator’s lead, control system security standards throughout the North American nuclear industry now recognize the preventative strength of Unidirectional Security Gateways.