<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE article PUBLIC "-//NLM//DTD JATS (Z39.96) Journal Publishing DTD v1.2d1 20170631//EN" "JATS-journalpublishing1.dtd">
<ArticleSet>
  <Article>
    <Journal>
      <PublisherName>ejsss</PublisherName>
      <JournalTitle>ELECTRONIC JOURNAL OF SOCIAL AND STRATEGIC STUDIES</JournalTitle>
      <PISSN/>
      <EISSN/>
      <Volume-Issue>Volume 4 Issue 3</Volume-Issue>
      <PartNumber/>
      <IssueTopic>Multidisciplinary</IssueTopic>
      <IssueLanguage>English</IssueLanguage>
      <Season>Dec 2023-Jan 2024</Season>
      <SpecialIssue>N</SpecialIssue>
      <SupplementaryIssue>N</SupplementaryIssue>
      <IssueOA>Y</IssueOA>
      <PubDate>
        <Year>2024</Year>
        <Month>01</Month>
        <Day>31</Day>
      </PubDate>
      <ArticleType>Security Studies</ArticleType>
      <ArticleTitle>Cybersecurity in Indian Nuclear Facilities</ArticleTitle>
      <SubTitle/>
      <ArticleLanguage>English</ArticleLanguage>
      <ArticleOA>Y</ArticleOA>
      <FirstPage>314</FirstPage>
      <LastPage>338</LastPage>
      <AuthorList>
        <Author>
          <FirstName>Neeraj</FirstName>
          <LastName>BR</LastName>
          <AuthorLanguage>English</AuthorLanguage>
          <Affiliation/>
          <CorrespondingAuthor>N</CorrespondingAuthor>
          <ORCID/>
        </Author>
      </AuthorList>
      <DOI>10.47362/EJSSS.2023.4302</DOI>
      <Abstract>Nuclear facilities have revolutionised renewable energy worldwide. However, the use of highly radioactive raw materials, capable of causing extensive damage if mismanaged, has made them a priority in national security along with other critical infrastructure facilities. Given this background, the importance of nuclear facilities for national security has strengthened with cases of cyberattacks on nuclear facilities worldwide. This paper analyses the ability of India__ampersandsign#39;s cybersecurity framework, both legislative and executive, to fend off cyberattacks on its nuclear facilities, drawing from experiences of cyberattacks worldwide and internationally recommended good standards and practices. Additionally, the paper also looks at how India could mitigate insider threats to its nuclear facilities and cultivate a cybersecurity culture within its nuclear facilities.</Abstract>
      <AbstractLanguage>English</AbstractLanguage>
      <Keywords>Cybersecurity,Nuclear,India,Kudankulam,Nuclear Energy,Legislation,Prevention</Keywords>
      <URLs>
        <Abstract>https://ejsss.net.in/ubijournal-v1copy/journals/abstract.php?article_id=15025&amp;title=Cybersecurity in Indian Nuclear Facilities</Abstract>
      </URLs>
      <References>
        <ReferencesarticleTitle>References</ReferencesarticleTitle>
        <ReferencesfirstPage>16</ReferencesfirstPage>
        <ReferenceslastPage>19</ReferenceslastPage>
        <References>Arinze, U. C., Eneh, A. H., and; Longe, B. O. (n.d.). Overview of Nuclear Cyber Security Requirements for Nuclear Power Plants (NPPs). National Nuclear Security Regulations, 1–12. Retrieved 17 August 2023, from https://conferences.iaea.org/event/181/contributions/15920/attachments/8409/11124/Overview_of_Nuclear_Cyber_Security_Requirements_for_Nuclear_Power_Plants__NPPs_.pdf&#13;
&#13;
Atomic Energy Regulatory Board. (2006). Operation Safety Experience Feeback on Nuclear Power Plants (Safety Guide AERB/NPP/SG/O-13). Atomic Energy Regulatory Board.&#13;
&#13;
Ayodeji, A., Mohamed, M., Li, L., Di Buono, A., Pierce, I., and; Ahmed, H. (2023). Cyber security in the nuclear industry: A closer look at digital control systems, networks and human factors. Progress in Nuclear Energy, 161, 104738. https://doi.org/10.1016/j.pnucene.2023.104738&#13;
&#13;
Badia, E., Navajas, J., and; Losilla, J.-M. (2020). Organizational Culture and Subcultures in the Spanish Nuclear Industry. Applied Sciences, 10(10), 3454. https://doi.org/10.3390/app10103454&#13;
&#13;
Barzashka, I. (2013). Are Cyber-Weapons Effective?: Assessing Stuxnetand;#39;s Impact on the Iranian Enrichment Programme. The RUSI Journal, 158(2), 48–56. https://doi.org/10.1080/03071847.2013.787735&#13;
&#13;
Bell, A. J. C., Rogers, M. B., and; Pearce, J. M. (2019). The insider threat: Behavioral indicators and factors influencing likelihood of intervention. International Journal of Critical Infrastructure Protection, 24, 166–176. https://doi.org/10.1016/j.ijcip.2018.12.001&#13;
&#13;
Bhamare, D., Zolanvari, M., Erbad, A., Jain, R., Khan, K., and; Meskin, N. (2020). Cybersecurity for industrial control systems: A survey. Computers and; Security, 89, 1–12. https://doi.org/10.1016/j.cose.2019.101677&#13;
&#13;
Camp, N. J., and; Williams, A. D. (2019). Preliminary Results from a Comparative Analysis of Counterintelligence and Insider Threat Mitigation in Nuclear Facilities (SAND2019-7140C; pp. 1–10). Sandia National Laboratories.&#13;
&#13;
Cappelli, D., Moore, A., and; Trzeciak, R. (2012). The CERT Guide to Insider Threats: How to Prevent, Detect, and Respond to Information Technology Crimes (Theft, Sabotage, Fraud). Addison-Wesley.&#13;
&#13;
Central Electricity Authority. (2021). CEA (Cyber Security in Power Sector) Guidelines [Guidelines]. Ministry of Power. Retrieved 10 August, 2023 from https://cea.nic.in/wp-content/uploads/notification/2021/10/Guidelines_on_Cyber_Security_in_Power_Sector_2021-2.pdf&#13;
&#13;
Department of Information Technology (2003). IT Security Policy (CISG-2003-02). Government of India. Retrieved 17 August 2023, from https://www.cert-in.org.in/Downloader?pageid=6and;type=2and;fileName=CISG-2003-02.pdf&#13;
&#13;
CERT-In. (2022). Directions under sub-section (6) of section 70B of the Information Technology Act, 2000 relating to information security practices, procedure, prevention, response and reporting of cyber incidents for Safe and; Trusted Internet (20(3)/2022-CERT-In). Government of India. Retrieved 17 August 2023, from https://www.cert-in.org.in/PDF/CERT-In_Directions_70B_28.04.2022.pdf&#13;
&#13;
Colwill, C. (2009). Human factors in information security: The insider threat – Who can you trust these days? Information Security Technical Report, 14(4), 186–196. https://doi.org/10.1016/j.istr.2010.04.004&#13;
&#13;
Chye, K. H., and; Boo, E. H. Y. (2004). Organisational ethics and employee satisfaction and commitment. Management Decision, 42(5), 677–693. https://doi.org/10.1108/00251740410538514&#13;
&#13;
Department of Electronics and Information Technology. (2013). National Cyber Security Policy, 2013. Government of India. Retrieved 17 August 2023, from https://nciipc.gov.in/documents/National_Cyber_Security_Policy-2013.pdf&#13;
&#13;
Ministry of Defence. (2019). Cyber Security Policy 2019. Ministry of Defence. Retrieved 10 October, 2023 from https://ddpdos.gov.in/sites/default/files/2019-12/Cyber%20Security%20Policy%20Template.pdf&#13;
&#13;
Gupta, D., and; Bajramovic, E. (2017). Security culture for nuclear facilities. 050014. https://doi.org/10.1063/1.4972948&#13;
&#13;
Georgiadou, A., Mouzakitis, S., and; Askounis, D. (2022). Detecting Insider Threat via a Cyber-Security Culture Framework. Journal of Computer Information Systems, 62(4), 706–716. https://doi.org/10.1080/08874417.2021.1903367&#13;
&#13;
International Atomic Energy Agency. (2011). Computer Security at Nuclear Facilities (Technical Guidance: Reference Manual 17; Nuclear Security Series, pp. 1–69). International Atomic Energy Agency.&#13;
&#13;
International Atomic Energy Agency. (2021). Computer Security at Nuclear Facilities (Technical Guidance: Reference Manual 17-T (Rev.1); Nuclear Security Series, pp. 1–69). International Atomic Energy Agency.&#13;
&#13;
John, N. (2020, November 25). Breach at Kudankulam nuclear plant may have gone undetected for over six months: Group. The Economic Times. Retrieved 10 August 2023, from https://economictimes.indiatimes.com/news/politics-and-nation/breach-at-kudankulam-nuclear-plant-may-have-gone-undetected-for-over-six-months-group-ib/articleshow/79412969.cms?from=mdr&#13;
&#13;
Kelly, M. (2013, November 20). The Stuxnet Attack On Iranand;#39;s Nuclear Plant Wasand;#39; Far More Dangerousand;#39; Than Previously Thought. Business Insider. Retrieved 6 September 2023, from https://www.businessinsider.in/the-stuxnet-attack-on-irans-nuclear-plant-was-far-more-dangerous-than-previously-thought/articleshow/26113763.cms&#13;
&#13;
Kesler, B. (2011). The Vulnerability of Nuclear Facilities to Cyber Attack. 10(1).&#13;
&#13;
Kim, D.-Y. (2013). Cyber security issues imposed on nuclear power plants. Annals of Nuclear Energy, 65, 141–143. https://doi.org/10.1016/j.anucene.2013.10.039&#13;
&#13;
Kushner, D. (2013, February 26). The Real Story of Stuxnet—IEEE Spectrum. IEEE Spectrum. Retrieved 7 September 2023, from https://spectrum.ieee.org/the-real-story-of-stuxnet&#13;
&#13;
Lee, T., and; Harrison, K. (2000). Assessing safety culture in nuclear power stations. Safety Science, 34(1–3), 61–97. https://doi.org/10.1016/S0925-7535(00)00007-2&#13;
&#13;
Mallick, P. K. (2019). Cyber Attack on Kudankulam Nuclear Power Plant: A Wake Up Call. New Delhi: Vivekananda International Foundation.&#13;
&#13;
Mintzberg, H. (1979). The Structuring of Organizations. Prentice Hall.&#13;
&#13;
Nakashima, E., and; Warrick, J. (2023, May 20). Stuxnet was work of U.S. and Israeli experts, officials say. Washington Post. Retrieved 5 September 2023, from  https://www.washingtonpost.com/world/national-security/stuxnet-was-work-of-us-and-israeli-experts-officials-say/2012/06/01/gJQAlnEy6U_story.html&#13;
&#13;
National Critical Information Infrastructure Protection Centre. (n.d.). NCIIPC Framework for Evaluating Cyber Security in Critical Information Infrastructure (Version 1). National Critical Information Infrastructure Protection Centre. Retrieved 14 August 2023, from https://nciipc.gov.in/documents/Evaluating_Cyber_Security_Framework.pdf&#13;
&#13;
Nissen, C., Gronager, J., Metzger, R., and; Rishikof, H. (2018). Deliver Uncompromised: A Strategy for Supply Chain Security and Resilience in Response to the Changing Character of War (pp. 7–54). The MITRE Center for Technology and; National Security.&#13;
&#13;
Nuclear Sector Coordinating Council. (n.d.). Cybersecurity in the Nuclear Sector. Cybersecurity and; Infrastructure Security Agency. Retrieved 14 August 2023, from https://www.cisa.gov/sites/default/files/publications/Nuclear%20Sector%20Cybersecurity%20Infographic%204.13.21_508c.pdf&#13;
&#13;
Oh, S., and; Han, H. (2020). Facilitating organisational learning activities: Types of organisational culture and their influence on organisational learning and performance. Knowledge Management Research and; Practice, 18(1), 1–15. https://doi.org/10.1080/14778238.2018.1538668&#13;
&#13;
Park, J., Suh, Y., and; Park, C. (2016). Implementation of cyber security for safety systems of nuclear facilities. Progress in Nuclear Energy, 88, 88–94. https://doi.org/10.1016/j.pnucene.2015.12.009&#13;
&#13;
Pickering, S. Y., and; Davies, P. B. (2021). Cyber Security of Nuclear Power Plants: US and Global Perspectives. Georgetown Journal of International Affairs. Retrieved 14 August 2023, from https://gjia.georgetown.edu/2021/01/22/cyber-security-of-nuclear-power-plants-us-and-global-perspectives/&#13;
&#13;
Poulsen, K. (2003, August 20). Slammer worm crashed Ohio nuke plant net. Retrieved 5 September 2023, from https://www.theregister.com/2003/08/20/slammer_worm_crashed_ohio_nuke/&#13;
&#13;
Poletykin, A., Promyslov, V., Jharko, E., and; Semenkov, K. (2022). Risk Assessment and Cyber Security of Nuclear Power Plants. 2022 15th International Conference Management of Large-Scale System Development (MLSD), 1–5. https://doi.org/10.1109/MLSD55143.2022.9934271&#13;
&#13;
Press Information Bureau. (2022, December 8). Union Minister Dr Jitendra says, security arrangements are in place to secure Indiaand;#39;s nuclear power plant systems from cyber-attack. Retrieved on 7 August 2023, from https://pib.gov.in/pib.gov.in/Pressreleaseshare.aspx?PRID=1881733&#13;
&#13;
Raiyn, J. (2014). A survey of Cyber Attack Detection Strategies. International Journal of Security and Its Applications, 8(1), 247–256. https://doi.org/10.14257/ijsia.2014.8.1.23        &#13;
&#13;
Roy, A., Newman, A., Round, H., and; Bhattacharya, S. (2023). Ethical Culture in Organizations: A Review and Agenda for Future Research. Business Ethics Quarterly, 1–42. https://doi.org/10.1017/beq.2022.44&#13;
&#13;
Royal United Services Institute. (2023, October 13). Countering threats to nuclear power plants. Retrieved 15 October 2023, from Royal United Services Institute website: https://rusi.org/publication/countering-threats-nuclear-power-plants#:~:text=Counter%2Dmeasures%20in%20place%20at,result%20in%20a%20security%20breach.&#13;
&#13;
Schein, E. H. (2010). Organizational Culture and Leadership (4th ed.). San Francisco, California: Jossey-Bass.&#13;
&#13;
Steiz, C., and; Auchard, E. (2016, April 26). German nuclear plant infected with computer viruses, operator says. Reuters. Retrieved on 6 September 2023, from https://www.reuters.com/article/us-nuclearpower-cyber-germany-idUSKCN0XN2OS&#13;
&#13;
World Nuclear Association. (2022, March). Safety of Nuclear Reactors. Retrieved 15 October 2023, from https://world-nuclear.org/information-library/safety-and-security/safety-of-plants/safety-of-nuclear-power-reactors.aspx&#13;
&#13;
Wahlstrand;ouml;m, B. (1999). Finnish and Swedish practices in nuclear safety. In J. Misumi, B. Wilpert, and; R. Miller (Eds.), Nuclear safety: A human factors perspective (pp. 49–60). London?; Philadelphia: Taylor and; Francis.&#13;
&#13;
Yland;ouml;nen, M., and; Bjand;ouml;rkman, K. (2023). Integrated management of safety and security (IMSS) in the nuclear industry – Organizational culture perspective. Safety Science, 166, 106236. https://doi.org/10.1016/j.ssci.2023.106236&#13;
&#13;
Zhang, F., and; Coble, J. B. (2020). Robust localized cyber-attack detection for key equipment in nuclear power plants. Progress in Nuclear Energy, 128, 1–11. https://doi.org/10.1016/j.pnucene.2020.103446</References>
      </References>
    </Journal>
  </Article>
</ArticleSet>