Adoption of cloud solutions can offer significant benefits for the nuclear sector, writes PA Consulting cyber security expert David Sylvester, as he discusses the security considerations

Cloud

Organisations are increasingly adopting a cloud first approach.

Traditionally, and perhaps unsurprisingly, nuclear organisations have taken a cautious approach to cyber security and information assurance, which has had some bearing upon the pace of adoption of new and emerging technologies across the sector. As technology matures, and the security services provided by vendors continue to improve, cloud solutions have delivered significant opportunities whilst simultaneously addressing regulatory and security concerns.

Organisations are increasingly adopting a cloud first approach

Historically, there has been some reluctance to fully adopt cloud technologies across the nuclear enterprise. However, as organisations realise the gains to be made, increasing numbers of nuclear licensees and dutyholders are now looking to the cloud as a credible solution for their enterprise IT and a means by which data from their operational environments can be better exploited.

By enabling organisations to shift towards the cloud, and better capture and interrogate data in their operational processes, it will be possible to identify meaningful efficiencies as well as improve safety and the ways of working within these environments. This has been advantageous throughout the COVID-19 pandemic as organisations continued to operate remotely instead of relying on isolated, enclave computing environments.

To deliver the benefits, organisations are increasingly reliant upon having access to significant volumes of data and services that are better suited to cloud environments. As a result, many are already looking to embed these technologies into their new and revised operating models.

Coupled with increased understanding from vendors of the requirements relating to hosting classified data in the cloud, and a regulatory framework which is much more focussed on delivering key security outcomes, cyber security and information assurance is now a significant enabler when it comes to cloud adoption in the nuclear sector. Projects have already demonstrated that it is possible to gather significant volumes of data from operational equipment and use it to develop a better understanding of process, using tools such as Artificial Intelligence, Machine Learning, and Digital Twins. Digital twins of organisational plants, for example, can show how operational data can help realise process improvements.

Similarly, sensitive data can be hosted within the cloud environment and this can lead to significant improvements in the way that organisations manage information, communicate, and collaborate. As better tooling is made available in classified environments, for example through video conferencing, individuals can participate in classified meetings, without travelling to remote sites. The same can be said for collaboration, where it’s easier to email and share documentation in secure collaboration environments quickly, with less reliance on hand-carrying documentation to key stakeholders.

Secure cloud services support a wide range of business areas to deliver real benefits

Historically, classified computing environments have been standalone, isolated networks that have been approved to deliver a limited set of capabilities. This was driven by a desire to protect proprietary information and IP, as well as a legal requirement to protect classified, sensitive nuclear information. Over time, these systems have become limited in the capability they provide, compared with newer, more contemporary systems, and are often costly to support and maintain, whilst impacting business flexibility. By transferring as many business processes as possible into the cloud, it is possible to improve security and deliver real business benefits.

As with all activities within the sector, licensees and dutyholders need to demonstrate to their shareholders, the general public and the regulator (the ONR) that classified nuclear data hosted in the cloud is managed securely. Given the unique requirements of many of the UK’s nuclear organisations, particularly when it comes to protecting classified data, cloud infrastructures must be designed and deployed with security in mind. Transferring best practice from other sectors, such as government and defence, should be a key component of this. By working with cloud providers, who have a much greater understanding of these unique operating environments, it is possible for nuclear organisations to transition to the cloud.

Appropriately secured cloud technologies are a real business enabler within the sector

Whether this transition is driven by a need to provide increased connectivity to staff, or a desire to fully exploit digital technologies, it is clear that cloud solutions, built from the ground up and with security in mind, are a credible alternative to on-premises solutions. A small number of licensees and dutyholders have already demonstrated the benefits of cloud adoption and it’s time for others to realise the benefits of improved security, access to data collaboration and more efficient information sharing.

This article first appeared in Nuclear Engineering International magazine.