The Department of Atomic Energy (DAE) has specialist groups to look after cyber security

India's nuclear installations use systems that are resistant to cyber attacks, the government said on Wednesday.

Critical infrastructure of nuclear power plant establishment is isolated from Internet and access to such systems is restricted to authorized personnel and is closely monitored, Minister of State for Science & Technology Jitendra Singh, who is in charge of the Department of Atomic Energy, said.

In a written reply to a question in the Lok
Sabha, Singh said the Indian nuclear establishment has set "rigorous procedure for design, development and operation of the systems used in its installations".

The safety and security critical systems are designed and developed in-house using custom built hardware and software which are subjected to regulatory verification and validation, thereby making them resistant to cyber security threats, the minister noted in the reply.

"The Department of Atomic Energy (DAE) has specialist groups viz Computer and Information Security Advisory Group (CISAG) and Task force for Instrumentation and Control Security (TAFICS) to look after cyber security/information security of NPCIL among other constituent units of DAE, including regular cyber security audit," Singh's reply stated.

Several measures have also been taken for further strengthening of Information Security in nuclear power plants viz. hardening of internet and administrative intranet connectivity, restriction on removable media, blocking of websites & IPs.

The cyber security infrastructure in DAE’s facilities/plants follow design principles and guidelines setup by DAE CISAG and India’s central cyber security agencies such as CERT-IN.

On the plant side, all computer-based systems are based on standards and guidelines formulated by Atomic Energy Regulatory Board and TAFICS which are ultimately derived in large part based on standards established by International Atomic Energy Agency (IAEA).