Securing the cloud9 March 2022
Adoption of cloud technologies is a key enabler across the nuclear sector. David Sylvester discusses the security considerations
Traditionally, and perhaps unsurprisingly, nuclear organisations have taken a cautious approach to cyber security and information assurance, which has slowed the pace of adoption of new and emerging technologies across the sector. But as technology matures, and the security services provided by vendors continue to improve, cloud solutions have delivered significant opportunities while simultaneously addressing regulatory and security concerns.
Historically, there has been some reluctance to fully adopt cloud technologies across the nuclear enterprise. However, as organisations realise the gains to be made, more nuclear licensees and dutyholders are looking to the cloud as a credible solution for their enterprise IT and a means by which data from their operational environments can be better exploited.
By enabling organisations to shift towards the cloud, and better capture and interrogate data in their operational processes, it will be possible to identify meaningful efficiencies as well as improve safety and the ways of working within these environments. This has been advantageous throughout the COVID-19 pandemic as organisations operate remotely instead of relying on isolated, enclave computing environments.
Organisations are increasingly reliant upon having access to significant volumes of data and services that are better suited to cloud environments. As a result, many are already looking to embed these technologies into their new and revised operating models.
Coupled with increased understanding from vendors of the requirements relating to hosting classified data in the cloud, and a regulatory framework which is much more focussed on delivering key security outcomes, cyber security and information assurance is now a significant enabler when it comes to cloud adoption in the nuclear sector. Projects have already demonstrated that it is possible to gather significant volumes of data from operational equipment and use it to develop a better understanding of process, using tools such as artificial intelligence, machine learning and digital twins. Digital twins of organisational plants, for example, can show how operational data can help realise process improvements.
Sensitive data can be hosted within the cloud environment and this can lead to significant improvements in the way that organisations manage information, communicate and collaborate. As better tooling is made available in classified environments, for example through video conferencing, individuals can participate in classified meetings without travelling to remote sites. The same can be said for collaboration, if it is easier to email and share documentation in secure collaboration environments quickly, with less reliance on hand-carrying documentation to key stakeholders.
Supporting a wide range of business areas
Historically, classified computing environments have been standalone networks that have been approved to deliver a limited set of capabilities. This was driven by a desire to protect proprietary information and intellectual property.
It was also a legal requirement to protect classified, sensitive nuclear information. Over time, these systems have become limited in the capability they provide, compared with newer systems, and are often costly to support and maintain. They also limit business flexibility. By transferring as many business processes as possible into the cloud, it is possible to improve security and deliver real business benefits.
As with all activities within the sector, licensees and dutyholders have to demonstrate to their shareholders, the general public and their nuclear regulator that classified nuclear data hosted in the cloud is managed securely. Given the unique requirements of many nuclear organisations, particularly when it comes to protecting classified data, cloud infrastructures must be designed and deployed with security in mind. Transferring best practice from other sectors, such as government and defence, should be a key component of this. By working with cloud providers, who have a much greater understanding of these unique operating environments, it is possible for nuclear organisations to transition to the cloud.
Whether this transition is driven by a need to provide increased connectivity to staff, or a desire to fully exploit digital technologies, it is clear that cloud solutions, built from the ground up and with security in mind, are a
credible alternative to on-premises solutions. A small number of licensees and dutyholders have already demonstrated the benefits of cloud adoption. It is time for others to realise the benefits of improved security, better access to data collaboration and more efficient information sharing.
About the author
David Sylvester is a cyber security expert at PA Consulting