27. 10. 2021

ČEZ nuclear power plants are the first in the world to undergo an information and cybernetic security audit

The condition and set-up of protection of information systems of nuclear power plants, as well as employee awareness of the importance of information and cyber security and compliance, and the compliance of existing conditions at ČEZ with statutory requirements. Those are only examples of areas on which an audit of the Information Security Management System (ISMS) focused. Dukovany and Temelín are among the world’s first nuclear facilities to successfully undergo the process.

Not only fences, no-fly zones, and multiple back-ups of security systems.  According to the current requirements of international organisations, the features of nuclear power plant protection include the maximum reasonably attainable level of information and cyber security.  And that was the focus of the international certification audit.  Aside from an evaluation of documentation and physical checks at six locales of the ČEZ nuclear power plant division, the audit also included an analysis of the handling of actual security incidents and interviews with more than fifty employees.

“Cyber security is one of our priorities.  We take threats and risks very seriously and can never be entirely satisfied.  We continuously update and regularly check our security measures, which is also the case of the recently completed ISMS certification audit,” says Chairman of the Board and CEO of ČEZ Daniel Beneš.

Last year alone, ČEZ detected 6.5 times more suspicious activities in the network than in 2017.  In the sphere of critical infrastructure protection, we intensively cooperate with security forces and institutions, including the National Cyber and Information Security Agency (NÚKIB), Military Intelligence (VZ), and Czech Police (PČR).  That is one of the reasons why we were among the first in the Czech Republic to launch our own unique monitoring centre, in the second half of September – the iSOC (Integrated Security Operations Center) which monitors the protection of ČEZ Group in terms of physical, information, and cyber security.

“According to our statistics, last year alone hackers attacked every fifth hospital in the country.  We alone have registered dozens of attempts on a daily basis.  Being aware of the importance of distribution networks and key sources of power generation, we place utmost emphasis on cyber security,” explains the Director of the ČEZ Group Security Department, Daniel Rous.

The nuclear power plants themselves, on which the audit centred, are among the most closely watched operations in the Czech Republic.  Of the European energy companies approached, the ČEZ Nuclear Power Plant Division was the first to undergo the international ISMS audit.

In the nuclear power sector, an outside view is extremely valuable.  Security, including cyber security, is one of our greatest priorities, and because of the risk of so-called “operational blindness,” and the opportunity to obtain suggestions for improvements, we undergo a number of missions and audits on an annual basis.  That is why I am very pleased about the outcome,” adds Member of the Management Board and Director of the ČEZ Nuclear Power Division Bohdan Zronek.

The certificate issued pursuant to the applicable international ISO standards is valid until October 2024.  Czech nuclear power plants will undergo another inspection, this time under the auspices of the International Atomic Energy Agency, in November.