IAEA Helps Romania Enhance Exercises on Transport Security

Strengthening the security of nuclear and other radioactive material in transport, and developing practical skills for planning, conducting and evaluating transport security exercises was the focus of a recent IAEA workshop held in Romania.
“Nuclear and other radioactive material is regularly transported from one place to another for various uses, such as for medical applications, agriculture, nuclear power and scientific research,” said Elena Buglova, IAEA Director of Nuclear Security. “When this material is in transport, whether nationally or internationally, it is potentially vulnerable to security threats, for which we need to be vigilant.”
The four day workshop included classroom presentations and field demonstrations, as well as a virtual exercise in which participants watched a simulated event involving an attempted malicious interception of a vehicle transporting a radioactive source, and practiced evaluating the situation and developing an appropriate course of action in a realistic and interactive way. These actions included summoning additional response forces and executing evasive and protective maneuvers to prevent the adversaries from achieving their objective.
“Romania experiences a high number of nuclear and other radioactive material shipments both within and across its borders,” said Sorin Repanovici, Senior Expert at the Romanian National Commission for Nuclear Activities Control (CNCAN). “Ensuring that our response plans are effective and that all national stakeholders are fully trained to rapidly respond to a nuclear security event during the transport of these materials is of utmost importance.”
“By practicing scenarios during exercises and assessing our capabilities, we can establish good practices, as well as identify areas needing improvement, so we can then make targeted efforts to strengthen our national nuclear security regime,” he added.
It is estimated that worldwide, around 20 million shipments of radioactive materials are transported every year. The IAEA assists Member States to enhance their capabilities to help ensure both the safety and security of nuclear and other radioactive material during transport. Safety, in this context, refers to protecting the public from the radioactive contents of a package, whereas security refers to guarding nuclear and other radioactive material with locks, seals and other technologies and methods to prevent it from falling into the wrong hands.
Nineteen participants from national stakeholder organizations involved in nuclear security took part in the workshop, including nuclear security response forces, the national regulator, and nuclear facility operators and carriers. Discussions focused on the need for robust coordination among stakeholders and the importance of conducting and learning from regular transport security exercises, in order to properly evaluate the readiness of response forces to deal with a nuclear security event during transport.
The workshop was conducted in a hybrid format, which included in-person presentations from local and IAEA instructors, as well as virtual contributions from experts in the United Kingdom and the United States. The Romanian Horia Hulubei National Institute of Physics and Nuclear Engineering and the General Inspectorate of the Gendarmerie provided a practical demonstration of a radioactive material transport vehicle and the physical protection equipment used by response forces. The virtual transport security exercise was conducted remotely with the assistance of experts from Oak Ridge National Laboratory in the United States, who used newly developed innovative exercise software to portray the hypothetical nuclear security event using advanced high-resolution satellite imagery.

ITU Handbook update: Wireless guidelines to support intelligent transport

As the world’s population approaches 8 billion, with more and more people migrating to ever-expanding cities, life and work are also becoming increasingly mobile.
But while these long-term trends can boost quality of life and create new communities, they also bring unprecedented traffic congestion, air pollution, and road safety challenges.
Managing these negative impacts calls for new levels of intelligence and responsiveness in the world’s transport systems.
Since most of us rely on some form of transport in our everyday lives, a tremendous number of people stand to benefit from smarter mobility.
What are ITS?
Intelligent transport systems (ITS) combine computers, communications, positioning, and automation technologies to improve the safety, management, and efficiency of terrestrial transportation.
Systems using wireless communications, sensors, and computer and control technologies are well placed to ease traffic congestion and reduce incidents. Communication standards ensure interoperability and make ITS easy for anyone to use.
Land Mobile Handbook updated
Growing ITS use increases the need for well-informed digital infrastructure planning, especially in relation to wireless-based land mobile systems. To strengthen decision-making in this area, the International Telecommunication Union (ITU) has published an updated volume of a key reference guide, the Handbook on Land Mobile (including Wireless Access), whose fourth volume deals with ITS.
The Handbook is designed to assist in training engineers and planners in regulating, planning, engineering, and deploying these systems, especially in developing countries.
The new Volume 4 replaces the 2006 edition. Development of the multi-volume Handbook began in the late 1990s, aiming to help developing countries build state-of-the-art land mobile services of all kinds.
The five volumes published to date are:
• Volume 1: Fixed Wireless Access
• Volume 2: Principles and Approaches on Evolution to IMT-2000
• Volume 3: Dispatch and Advanced Messaging Systems
• Volume 4: Intelligent Transport Systems
• Volume 5: Deployment of Broadband Wireless Access Systems
Volume 4 summarizes the current and developing use of wireless communications in ITS around the globe, including ITS architecture and applications. Despite rapid uptake, ITS remains in its infancy as a technology.
The new volume gives an overview of wireless communications used in ITS globally by 2020.
It also includes chapters on ITS applications, ITS communication architecture, radio technologies for ITS, and international and national standardization. The final chapter describes radio frequency usage for ITS systems.

Improved Performance Planning Could Strengthen Technology Transfer

A Department of Energy national lab developed a battery that now powers some hybrid and electric cars. But how do new energy technologies get from the lab to the market?
Transferring technologies from the DOE to private companies isn't always easy. Barriers such as the "valley of death"—a gap between the end of public funding and the start of private funding—can stop a transfer.
The Department of Energy (DOE) and its national labs have taken several steps to address potential barriers to technology transfer—the process of providing DOE technologies, knowledge, or expertise to other entities. GAO characterized these barriers as (1) gaps in funding, (2) legal and administrative barriers, and (3) lack of alignment between DOE research and industry needs. For example, the “valley of death” is a gap between the end of public funding and start of private-sector funding. DOE partly addresses this gap with its Technology Commercialization Fund, which provides grants of $100,000 to $1.5 million to DOE researchers to advance promising technologies with private-sector partners. Further, DOE's Energy I-Corps program trains researchers to commercialize new technologies and to identify industry needs and potential customers. However, DOE has not assessed how many and which types of researchers would benefit from such training. Without doing so, DOE will not have the information needed to ensure its training resources target the researchers who would benefit most.
DOE plans and tracks the performance of its technology transfer activities by setting strategic goals and objectives and annually collecting department-wide technology transfer measures, such as the number of patented inventions and licenses. However, the department does not have objective and measurable performance goals to assess progress toward the broader strategic goals and objectives it developed. For example, without a performance goal for the number of DOE researchers involved in technology transfer activities and a measure of such involvement, DOE cannot assess the extent to which it has met its objective to encourage national laboratory personnel to pursue technology transfer activities. Internal control standards for government agencies call for management to define objectives in measurable terms, either qualitative or quantitative, so that performance toward those objectives can be assessed. Moreover, DOE has not aligned the 79 existing measures that it collects with its goals and objectives, nor has it prioritized them. Some lab stakeholders said that collecting and reporting these measures is burdensome. Prior GAO work has found that having a large number of performance measures may risk creating a confusing excess of data that will obscure rather than clarify performance issues.

Cybersecurity in the Maritime Sector: ENISA Releases New Guidelines for Navigating Cyber Risk

The European Union Agency for Cybersecurity provides port operators with a set of good practices to help them identify and evaluate cyber risks, and effectively identify suitable security measures.
The European Union Agency for Cybersecurity (ENISA) released cybersecurity guidelines to help European port operators manage cyber risks amid digital transformation and increased regulations. ENISA’s new Guidelines - Cyber Risk Management for Ports was drafted in collaboration with several ports in EU Member States. The publication builds on ENISA’s 2019 Port Cybersecurity Report by providing actionable practices that speak to the current cybersecurity threats and changing digital landscape faced by Europe’s maritime sector.
EU Agency for Cybersecurity Executive Director Juhan Lepassaar stated: “The maritime sector plays a pivotal role in the global supply chain. Advancing digital technologies bring economic benefits to ports, but also introduce new cyber threats. The report provides guidelines and good practices to support them in effectively conducting this cyber risk assessment, which is where many of these operators face challenges.”
The interconnected nature of ports requires operators to achieve and maintain a baseline level of cybersecurity to ensure security across the port ecosystem. The report notes that the EU maritime sector has a fragmented approach to assessing cyber risks.
The report encourages port operators to develop a set of good practices in a means to develop this baseline level of cybersecurity. Practices include to:
- Identify cyber-related assets and services in a systematic way that includes maintaining an asset inventory, identifying dependencies and deploying automation;
- Adopt a comprehensive approach for identifying and evaluating cyber risks that includes CTI, risk indicators and business impact analysis, involves all relevant stakeholders and is integrated at an organisational level;
- Prioritise the implementation of security measures following a risk-based approach that considers security measure effectiveness and pertinence to the identified risks, and is founded in a security-by-design approach;
- Implement organisation-wide cybersecurity awareness and technical training programmes;
- Develop a comprehensive cybersecurity programme that involves a commitment by senior management;
- Conduct a cybersecurity maturity self-assessment to identify priorities for improvement, and budget and resource allocation.
Background
The NIS Directive classifies several categories of port operators as Operators of Essential Services (OES), including port authorities and terminal operators. Cyber risk assessments are among the NIS Directive requirements for these OES. The International Maritime Organisation’s (IMO) International Ship and Port Facility Security (ISPS) code concerns port facilities / terminal operators and provides a framework for conducting security risk assessment, albeit not necessarily specific to cyber risks. The ISPS code is implemented in the EU by Regulation 725/2004; while EU Directive 2005/65 on enhancing port security introduces similar requirements and extends them to ports.
The EU Agency for Cybersecurity supports cybersecurity in Europe’s maritime sector by providing recommendations, supporting the development of regulations, facilitating information exchange and organising awareness-raising events. In 2019, the Agency published its Port Cybersecurity Report with a set of cybersecurity good practices for the maritime sector, and organised two maritime security workshops with the European Maritime Safety Agency (EMSA).
The Agency is currently developing an online tool for cyber risk management for port operators, and will continue its work with EU bodies, such as the EMSA, and Member States to strengthen cybersecurity for the sector.

ENISA publish report for cyberecurity measures in Railway Transport Sector

Representing 472 billion passenger-kilometres, 216,000 km of active railways3 and 430 billion tonne-kilometres for freight transport, the railway sector plays an important and fast-growing role. Railway infrastructure and systems are key assets, crucial to developing and protecting the European Union.
The railway sector enables goods and passengers to be transported within countries and across borders, and is key to the development of the European Union. The main players within this sector are the railway undertakings (RU), in charge of providing services for the transport of goods and/or passengers by rail; and the infrastructure managers (IM), in charge of establishing, managing and maintaining railway infrastructure and fixed installation, including traffic management, control-command and signalling, but also station operation and train power supply. Both are in the scope of the NIS Directive, and their identification as operator of essential service (OES) respects the transposition of laws to the majority of member states.
Challenges
The study also identifies the main challenges faced by the sector to enforce the NIS Directive:
- Railway stakeholders must strike a balance between operational requirements, business competitiveness and cybersecurity, while the sector is undergoing digital transformation which increases the need for cybersecurity.
- Railway stakeholders depend on suppliers with disparate technical standards and cybersecurity capabilities, especially for operational technology.
- OT systems for railways have been based on systems that were at a point in time secure according to the state-of-the art but due to the long lifetime of systems they eventually become outdated or obsolete. This makes it difficult to keep them up-to-date with current cybersecurity requirements. Furthermore, these systems are usually spread across the network (stations, track, etc.), making it difficult to comprehensively control cybersecurity.
- Railway operators report issues of low cybersecurity awareness and differences in culture, especially among safety and operations personnel.
- Existing rail specific regulation doesn’t include cybersecurity provisions. OES often have to comply with non-harmonized cybersecurity requirements deriving from different regulations.
ERTMS is also covered in this study as a separate infrastructure due to its special requirements and its cross-European nature.