During their plenary meeting in April 2025, WENRA members endorsed a joined ENSRA-WENRA position paper on key principles of establishing an effective cyber security posture within the civil nuclear sector. Technical implementation of the
programme is out of scope.
As in physical security, accountability for cyber security fully lies with the top management and cannot be transferred. However, in contrast to a physical security incident, detection of a cyber security incident can be challenging and difficult to mitigate. In addition, tools facilitating cyberattacks are widely available to a broad range of adversaries. The importance of holistic approaches to security are key to ensure that physical, personnel and cyber security can all work together to act as a compounding factor in both preventative and responsive requirements.
Therefore, it is necessary to develop, implement, and maintain an effective cyber security posture in accordance with national legislation and regulations.
These key principles are:
- Establishing Responsibilities and Capabilities
- Risk Management
- Asset and Change Management
- Protecting Against Compromise and Security by Design
- Incident Preparedness and Response
- Reporting and Notification
The joint ENSRA-WENRA document can be found here or on our documents page.
Information about WENRA
WENRA is an association of the heads of nuclear safety regulators in the European Union and Switzerland. It was established in 1999.