Delivering success

Management of cybersecurity services at the Ascó and Vandellós nuclear power plants

ANAV
October 3rd, 2016
Cybersecurity

We guarantee Cybersecurity Management in industrial environments

The challenge Reduce the risk of suffering cyberattacks and their possible impact on key national infrastructures

Asociación Nuclear Ascó-Vandellós (ANAV), the company that manages the Ascó and Vandellós II nuclear power plants which together generate 8% of the electricity consumed in Spain, is aware of the need to protect its assets and systems against cyberattacks aimed not only at operating networks but also at management networks.

In the last few years, cyberattacks on industrial facilities have grown steadily, due to their greater level of exposure among other factors, thus increasing the need for protection. This has forced most of these facilities to develop protection plans for their critical infrastructures with the support of the Ministry of Internal Affairs, in order to detect vulnerabilities and improve their response to cybersecurity incidents.

The challenge for Minsait, Indra's Digital Transformation unit, was to develop and implement solutions for managing and improving this Plan in an effective and ongoing way, fulfilling ANAV's core objectives, based on the need to protect the assets from cyberattacks.

The solution Advanced monitoring solution for IT and Communications Systems

Minsait has made available to ANAV its proprietary tools, technical and human resources, and its strong professional links and alliances focused on the protection of industrial systems and the defence against and response to any cybersecurity-related incident, in compliance with the critical infrastructure protection plans. These solutions monitor the IT and Communications systems of the nuclear power plants. The protection system is based on three fundamental and closely-related areas: cybersecurity monitoring by means of SIEM (Security Information and Event Management) tools, proactive security management and incident response capabilities.

The Monitoring Service implemented in ANAV has been capable of analysing and managing events and security warnings provided by the different data sources that make up the IT platform. Minsait's proactive management approach to security and its early warning services has made it possible to manage any possible vulnerability of the power plant assets, thus reducing the possibility of cybersecurity incidents occurring. At the same time, the response capacity to security incidents has been increased by applying preventive and reactive measures through technical support actions, audits and periodic analysis.

The impact

The service offered by Minsait was part of an overall process of continuous improvement aimed at reinforcing ANAV's Cybersecurity capabilities, complying with current law on Protection of Critical Infrastructures and aligning the company with the National Cybersecurity strategy.

Minsait's cybersecurity services have achieved an improvement in detection and reaction capabilities, as well as providing greater insight into the threats that IT systems are exposed to and optimising risk management.

Thanks to Minsait's Cybersecurity Management Systems, we have increased our capabilities for monitoring, prevention and reaction in response to security incidents and possible cyberattack attempts on the nuclear power plants we manage. Keeping our facilities safe and secure is our top priority.

Francisco Muñoz

Asociación Nuclear Ascó-Vandellós II. Manager, Operation of IT and Communications systems.