Newsletters
Türkiye’s first nuclear power plant has completed the installation of critical safety systems at Unit 1. The progress comes as the government simultaneously launched a new cybersecurity framework to protect the nation's nuclear infrastructure from digital threats.
The new regulations, published in the Official Gazette, establish strict cybersecurity protocols for nuclear facilities as the nation prepares to commission its first nuclear power plant.
Under the new rules, the primary responsibility for digital security lies with the organizations operating or decommissioning these facilities.
The regulation comes as work continues at the Akkuyu Nuclear Power Plant, Türkiye’s first nuclear power plant, where the installation of passive heat removal system components has been completed at the first power unit.
Organizations will be responsible for protecting digital assets against cyberattacks, preventing attacks, detecting threats, responding to incidents and recovering affected digital assets until the nuclear facility and site are removed from regulatory control.
A manager responsible for the cybersecurity of all digital assets at a nuclear facility will be appointed and included in the facility’s organizational structure.
The regulation says that cybersecurity measures at nuclear facilities will be based on the principles of “graded approach” and “defense in depth.” A risk-based and layered protection structure will be created according to the impact of digital assets on safety, security and nuclear safeguards.
Organizations will identify all digital assets, determine their functions related to safety, security and nuclear safeguards, and assign a criticality level to each asset.
An up-to-date inventory will be kept for critical digital assets. The inventory will include the asset’s name, type, location, backup information, criticality level and responsible person.
Organizations will also prepare a cybersecurity plan and submit it to the Nuclear Regulatory Authority. The plan will be reviewed at least once a year.
The plan will be renewed if risks change, related documents are updated, the organizational structure changes or the threat-based design document is updated.
Facilities containing reactors will carry out planned cybersecurity risk assessments at least once a year. Other nuclear facilities will conduct such assessments at least once every three years.
Additional risk assessments will be carried out urgently if critical digital assets change, threat information changes or new vulnerabilities are detected.
Backup mechanisms will be established against the possibility of loss or damage to critical digital assets.
A disaster recovery center will also be created at a distance that will not be affected by main systems, in order to ensure the continuity of critical digital assets and electronic communication services in cases of disaster, malfunction or cyberattack.
The regulation also sets rules for reporting cyber incidents.
Cyber incidents and threats that damage or may damage safety, security or nuclear safeguards will be reported to the Nuclear Regulatory Authority and the Cybersecurity Presidency. A report will be submitted to the authority within five working days after the incident is detected.
The report will include the causes and effects of the cyber incident, response activities carried out, lessons learned, and corrective and preventive measures.
Organizations will conduct at least one cyber incident drill each year with a scenario covering critical digital assets to test the adequacy of their incident response plan.
These drills will be combined with safety and security scenarios and carried out in a hybrid format at least once every two years.
All facility personnel will receive cybersecurity training and awareness programs at least once a year.
Special training programs will also be carried out for cybersecurity personnel. Access permissions for staff will be limited according to job descriptions and levels of expertise.
Organizations will report information on cybersecurity implementation by the end of February of the following year.
The report will include cybersecurity tests, internal audits, training programs, activities to eliminate vulnerabilities and planned work for the following year.
Activities under the regulation will be subject to inspection by the Nuclear Regulatory Authority. Administrative sanctions will be applied if violations of relevant legislation, authorization conditions, authority decisions or instructions are detected.
Organizations authorized before the regulation entered into force, or those that applied to the authority for authorization, will submit compliance action plans within six months. This period may be extended up to one year if the justification is found appropriate.
Separately, Akkuyu said the installation of passive heat removal system components on the dome of the reactor building at the first power unit of Akkuyu Nuclear Power Plant has been completed.
The company said experts completed the phased installation of components made up of 90 pieces of equipment and structural elements, including deflectors, heat exchangers and electromagnetic devices, at the plant being built by Russian state nuclear energy corporation Rosatom.
In the final stage of the installation, ventilation pipes were placed on the reactor building dome and concreting work was carried out on the passive heat removal system floor slabs.
With the completion of this work, the first power unit was equipped with all safety systems needed for the preparation process for commissioning operations.
1 min read
Akkuyu Nuclear Power Plant consists of four power units, each with a capacity of 1,200 megawatts and generation 3+ VVER reactors.
Modern nuclear power plant designs with VVER reactors are equipped with traditional active safety systems as well as additional passive safety systems, including the passive heat removal system. The system was first installed in the new power units of Russia’s Novovoronezh Nuclear Power Plant, the reference plant for Akkuyu.
“We have completed the installation of passive heat removal system structures at Unit 1,” Akkuyu Nuclear Inc. General Manager Sergei Butckikh said. “This is the result of months of coordinated work by experts and an important stage in the preparation of the power unit for commissioning.”
Butckikh said the passive heat removal system is one of several safety systems in modern power units with VVER-1200 reactors. “The system operates through natural physical processes that do not require power supply or operator intervention,” he said.
Set as preferred source
Set as preferred source
1 min read
