The Minister of State in Prime Minister’s office, Dr. Jitendra Singh today informed Lok Sabha that the Government is aware of the growing challenges of cyber security breaches in nuclear facilities across the world. In a written reply, he said, "Indian nuclear establishment have set rigorous procedure for design, development and operation of the systems used in its installations. Safety and security critical systems are designed and developed in-house using custom built hardware and software which are subjected to regulatory verification and validation, thereby making them resistant to cyber security threats. Critical infrastructure of nuclear power plant establishment is isolated from Internet and access to such systems is restricted to authorized personnel and is closely monitored. The Department of Atomic Energy (DAE) has specialist groups viz. Computer and Information Security Advisory Group (CISAG) and Task force for Instrumentation and Control Security (TAFICS) to look after cyber security/information security of NPCIL among other constituent units of DAE, including regular cyber security audit. Several measures have also been taken for further strengthening of Information Security in nuclear power plants viz. hardening of internet and administrative intranet connectivity, restriction on removable media, blocking of websites & IPs."
The cyber security infrastructure in DAE’s facilities/plants follow design principles and guidelines setup by DAE CISAG and India’s central cyber security agencies such as CERT-IN. On the plant side, all computer-based systems are based on standards and guidelines formulated by Atomic Energy Regulatory Board and TAFICS which are ultimately derived in large part based on standards established by International Atomic Energy Agency (IAEA), Dr Singh said in a written reply in Lok Sabha today.