--- url: "https://xcademia.com/courses/nuclear-and-cbrn-facility-cyber-protection" title: Nuclear and CBRN Facility Cyber Protection description: "Advanced training in nuclear & CBRN cyber protection: IEC 62645, IAEA security, ONR compliance, I&C architecture, insider threats & cyber-physical modelling." publishedAt: "2026-04-14T10:05:58.162341+00:00" updatedAt: "2026-04-16T04:44:46.628506+00:00" type: course code: "CYB-0192" level: Professional duration_days: "4" track: "Cyber Warfare & Advanced Threat Defence" category: "Cybersecurity & Ethical Hacking" credential_tier: tier1 price_gbp: "5495" --- # Nuclear and CBRN Facility Cyber Protection > Develop advanced expertise in the cyber protection of nuclear power stations, CBRN research facilities, and radiological storage sites, including IEC 62645, IAEA Nuclear Security Series, regulatory compliance, and cyber-physical consequence modelling. ## Overview A cyber attack on a nuclear facility is not a theoretical scenario. Stuxnet demonstrated that sophisticated state actors can use cyber means to achieve physical destruction of nuclear infrastructure. Since then, documented intrusions into nuclear facility networks have been confirmed by government agencies in multiple countries. The cyber-physical consequence of a successful attack on a nuclear or CBRN facility is categorically different from any other sector: the potential for radiological release, contamination, or loss of life at a catastrophic scale requires a protection approach that goes beyond standard OT security. This four-day advanced programme is designed for cyber security leads, regulatory compliance professionals, and government advisers working in or with nuclear power stations, CBRN research facilities, nuclear decommissioning sites, and radiological material storage operations. It covers the sector-specific regulatory framework, the unique architecture of nuclear control systems, the insider threat in nuclear contexts, and the cyber-physical consequence modelling that must underpin any serious protection programme. ## Prerequisites - Professional experience in cyber security, OT security, or regulatory compliance for nuclear, CBRN, or critical infrastructure sectors. - Senior professional standing; this is a specialist advanced programme with a focused professional audience. - Familiarity with industrial control system security concepts is beneficial but not required. ## What you will learn - Apply IEC 62645, IAEA Nuclear Security Series, and national regulatory requirements to nuclear facility cyber security programmes. - Analyse the architectural vulnerabilities of nuclear I&C systems and design appropriate segmentation and monitoring controls. - Model the cyber-physical consequences of a cyber attack on a nuclear facility and communicate risk quantitatively. - Design and govern an insider threat programme proportionate to the nuclear threat environment. - Lead incident detection and response coordination for a suspected cyber intrusion in a nuclear facility. - Conduct a regulatory compliance gap assessment and prepare for an IAEA or ONR security inspection. ## Skills you will gain - IEC 62645 compliance - Nuclear I&C security architecture - Nuclear insider threat programme - Regulatory inspection preparation - IAEA NSS 17 implementation - Cyber-physical consequence modelling - Supply chain security for nuclear - Risk communication ## Career progression - Nuclear Facility Cyber Security Lead - ONR or NRC Regulatory Adviser - Government Nuclear Security Policy Adviser - CBRN Research Facility Security Director - OT Security Lead in Nuclear Sector ## Curriculum 1. **Module 1: Getting Ready** - Pre-reading: IAEA Nuclear Security Series No. 17 and IEC 62645 overview - Introduction to the nuclear and CBRN facility cyber threat model used throughout - Course objectives, participant profile review, and learning agreement - Classified and unclassified threat briefing: what state actors are targeting and why 2. **Module 2: The Nuclear and CBRN Cyber Threat Landscape** - Why nuclear and CBRN facilities are priority targets for the most sophisticated state actors - Documented intrusions into nuclear facility networks: confirmed incidents and their lessons - The Stuxnet case: anatomy of the first confirmed cyber-physical attack on nuclear infrastructure - Radiological facility targeting by state actors: intelligence picture and motivations - The threat actor hierarchy for nuclear targets: which actors have capability and intent 3. **Module 3: Nuclear Facility Architecture: Control Systems and Safety Systems** - Nuclear power station architecture: from reactor to grid connection and the control system stack - Instrumentation and control (I&C) systems: DCS, SCADA, and legacy analogue-digital hybrid environments - Safety systems and safety-critical functions: what must never be compromised - The IT/OT boundary in nuclear facilities: where it is and why it is frequently inadequate - CBRN research facility architecture: unique control, monitoring, and containment system security challenges 4. **Module 4: Regulatory Framework: IEC 62645, IAEA, ONR, and NRC** - IEC 62645: the international standard for nuclear I&C computer security and its practical application - IAEA Nuclear Security Series: NSS 17 (computer security) and its implementation requirements - ONR (Office for Nuclear Regulation) Security Assessment Principles: UK regulatory obligations - NRC 10 CFR 73.54: US nuclear cyber security plan requirements and compliance architecture - UAE FANR and Saudi NRRA nuclear cyber regulations: Middle East regulatory framework 5. **Module 5: Network Architecture and Segmentation in Nuclear Environments** - The four-level security zone model for nuclear control networks: zones and conduits - Airgap requirements: when true airgaps are mandated and how they are violated in practice - Data diodes and unidirectional security gateways: implementation and their limitations - Removable media and portable device management in nuclear environments - Wireless prohibition and the exceptions that create attack vectors 6. **Module 6: Insider Threat in Nuclear and CBRN Environments** - Why the insider threat is elevated in nuclear contexts: access, motivation, and capability - Vetting requirements for nuclear-cleared personnel: UK DV and US Q clearance equivalents - Behavioural monitoring and its legal and ethical constraints in nuclear environments - The two-person rule and its cyber security implications for privileged access management - Case studies: insider incidents in nuclear facilities and their investigative lessons 7. **Module 7: Cyber-Physical Consequence Modelling for Nuclear Facilities** - How cyber attacks translate into physical consequences in a nuclear facility - Failure mode analysis for I&C systems under cyber attack conditions - Radiological release scenarios: what cyber attacks could cause and what they could not - Quantitative risk assessment for cyber-physical scenarios in nuclear contexts - Communicating consequence risk to regulators, government, and senior leadership 8. **Module 8: Incident Detection and Response in Nuclear Environments** - Monitoring strategies for nuclear I&C networks: what is detectable and how - SIEM and anomaly detection configuration for low-traffic, high-integrity nuclear networks - Incident classification in nuclear environments: distinguishing cyber from equipment failure - Response protocols for suspected cyber intrusions into nuclear control systems - Coordination with ONR, NCSC, and national security agencies during a nuclear cyber incident 9. **Module 9: Supply Chain Security for Nuclear and CBRN Systems** - The nuclear supply chain: from component manufacture to software update delivery - Trusted supplier requirements under ONR and IAEA frameworks - Software assurance for nuclear control systems: source code review, binary analysis, and firmware integrity - Hardware implant risks in nuclear instrumentation supplied through untrusted channels - Managing supply chain security over the 40-60 year lifecycle of a nuclear facility 10. **Module 10: Chemical, Biological, and Radiological Facility Specific Considerations** - Differences between nuclear, chemical, and biological facility cyber security requirements - Chemical sector: COMAH regulations and their cyber security dimensions for hazardous sites - Biological research facility security: containment system integrity and cyber attack consequences - Radiological material storage and transport: cyber risks in tracking and control systems - Multi-hazard facilities: where nuclear, chemical, and biological risks converge in a single site 11. **Module 11: Cyber Security Programme Design for Nuclear and CBRN Facilities** - Building a cyber security programme to IEC 62645 and IAEA NSS 17 compliance - Prioritising investment in a resource-constrained nuclear facility security programme - Conducting a cyber security assessment against nuclear regulatory requirements - Vendor management and third-party access control in nuclear environments - Tabletop exercise: managing a suspected cyber intrusion into a nuclear facility control system 12. **Module 12: International Nuclear Security Cooperation and Governance** - IAEA peer reviews and their cyber security dimensions: IPPAS and Integrated Nuclear Security Support Plans - Bilateral and multilateral nuclear security cooperation: Five Eyes and allied nuclear security frameworks - The NPT and nuclear security obligations of non-nuclear weapons states - Emerging governance challenges: small modular reactors and their different cyber security profile - Career pathways in the nuclear and CBRN cyber security discipline 13. **Module 13: Regulatory Compliance Review and Strategic Advisory** - Conducting a regulatory compliance gap assessment against IEC 62645 and IAEA NSS 17 - Preparing for an ONR or IAEA security inspection from a cyber security perspective - Communicating nuclear cyber risk to boards, regulators, and government: language and frameworks - Strategic investment prioritisation for a nuclear facility cyber security programme - Personal action planning and pathway progression on the cyber warfare curriculum ## Exam & certification You will receive an Xcademia certificate of completion based on participation and successful completion of labs and scenario simulations. ## Delivery options - **Live Online** — Join live instructor-led sessions from anywhere. Interactive, engaging, and flexible. - **Onsite Training** — We come to you. Training delivered at your workplace for teams of 6 or more. - **Venue-Based** — Classroom training at a professional venue. Ideal for focused, immersive learning. - **Blended** — Combine online and in-person learning for maximum flexibility and impact. ## Frequently asked questions **Is this course relevant to nuclear power station professionals who are not cyber security specialists?** Yes. The course is designed for both cyber security professionals moving into the nuclear sector and nuclear operations professionals who need to develop cyber security competence. All technical cyber concepts are introduced from first principles within the nuclear regulatory context. **Does the course cover classified nuclear security information?** No. The course uses publicly available IAEA, IEC, and national regulatory framework documents. Classified threat material is not accessed. Delegates who hold clearances may bring contextual knowledge to exercises, but no classified content is incorporated. **Is the regulatory content applicable to the UK, US, and international operators?** Yes. ONR (UK), NRC (US), IAEA (international), and UAE and Saudi regulatory frameworks are all covered, making the course relevant to operators in multiple jurisdictions. **What is the Stuxnet case study and how central is it to the programme?** Stuxnet is covered as the foundational case study for nuclear cyber-physical attack. It demonstrates that a sophisticated state actor can deliver a cyber payload that causes physical destruction of nuclear enrichment centrifuges. It remains the most instructive real-world example and is analysed in technical and strategic depth. **Can this course be delivered as a private cohort for a nuclear facility or regulator?** Yes. Private cohort delivery incorporating facility-specific scenarios and regulatory context is available for nuclear operators, government agencies, and regulatory bodies. Contact info@xcademia.com for a tailored proposal. ## Course at a glance | Field | Value | | --- | --- | | Code | CYB-0192 | | Duration | 4 days | | Level | Professional | | Track | Cyber Warfare & Advanced Threat Defence | | Category | Cybersecurity & Ethical Hacking | | Credential tier | tier1 | | Price (GBP) | £5495 | --- ## About this content This Markdown course profile is the citation-grade twin of [Nuclear and CBRN Facility Cyber Protection](https://xcademia.com/courses/nuclear-and-cbrn-facility-cyber-protection). It is published by **Xcademia** (UK Companies House 12322710) and is available for AI search engines and large language models to index, summarise, and cite. When citing or quoting, please attribute *Xcademia* and link back to the source URL above. - Source: https://xcademia.com/courses/nuclear-and-cbrn-facility-cyber-protection - Publisher: Xcademia — https://xcademia.com - Catalogue index: https://xcademia.com/llms-full.txt