During their plenary meeting in April 2025, WENRA members endorsed a joined ESNRA-WENRA position paper on key principles of establishing an effective cyber security posture within the civil nuclear sector. Technical implementation of the programme is out of scope.
As in physical security, accountability for cyber security fully lies with the top management and cannot be transferred. However, in contrast to a physical security incident, detection of a cyber security incident can be challenging and difficult to mitigate. In addition, tools facilitating cyberattacks are widely available to a broad range of adversaries. The importance of holistic approaches to security are key to ensure that physical, personnel and cyber security can all work together to act as a compounding factor in both preventative and responsive requirements.
Therefore, it is necessary to develop, implement, and maintain an effective cyber security posture in accordance with national legislation and regulations.
These key principles are:
- Establishing Responsibilities and Capabilities
- Risk Management
- Asset and Change Management
- Protecting Against Compromise and Security by Design
- Incident Preparedness and Response
- Reporting and Notification
Information on ENSRA
Established in 2004, the European Nuclear Security Regulators Association (ENSRA), like WENRA, is an informal group of like-minded European regulators in nuclear security, and associated, government nominated, public advisory bodies. To ENSRA Website
