KiVA2022 – International Cyber Security Exercise in Nuclear Facilities

This exercise was prepared and conducted by the Slovenian Nuclear Safety Administration in cooperation with the International Atomic Energy Agency (IAEA) and the Austrian Institute of Technology (AIT).

On the 17^th of May 2022, the main frameworks and objectives of the exercise were presented at an introductory meeting with numerous high representatives of organizations involved in ensuring cyber security in the nuclear sector in Slovenia who expressed their support for the exercise.

During the next two days, 18^th and 19^th May 2022, the following key cyber security stakeholders of Slovenian nuclear sector attended the exercise: operators of nuclear facilities (Nuclear power plant - NEK d. o. o., Central Radioactive Waste Storage - Radioactive Waste Agency, and the TRIGA Research Reactor - Jožef Stefan Institute), administrative bodies (Government Information Security Office, Ministry of the Interior, Slovenian Nuclear Safety Administration), technical support organizations (SI-CERT, SIGOV-CERT and the Ministry of Defence) and suppliers of computer equipment (Iskra d. o. o. and Agitavit Solutions d. o. o.). The exercise was the first of its kind in Slovenia and in the world. It was closely monitored by several observers from Slovenia and abroad: representatives of Austria, Argentina, Romania, Switzerland, the United Arab Emirates, the United States of America, as well as the international organization WINS (World Institute for Nuclear Security).

Moreover, the KiVA²⁰²² exercise was conducted through a scenario which took place at a fictive nuclear facility in order to ensure a high level of information security. In addition to the focus on responding to cyber threats, the scenario also included aspects of nuclear security and nuclear safety at a fictive nuclear facility. Besides, it was carried out using specially designed exercise information and process equipment models used by nuclear facilities, as well as software and hardware used by cyber attackers.

In conclusion, the numerous participation (70 experts in total) and active involvement of both domestic and foreign representatives confirms the high awareness of the importance of ensuring cyber security in nuclear facilities. By carrying out this exercise, Slovenia has once again shown its enviable readiness for extraordinary events, including those caused by cyber-attacks, as well as strong connections between national and international stakeholders.