Enclosed is a note I received this morning from the International Atomic Energy Agency (IAEA): "We're aware that there's very little in NSS 17 (Computer Security at Nuclear Facilities) that addresses control systems specifically; this is one of our priority areas for additional work in the near future."
I should note that in my position as Managing Director of ISA Nuclear Plant Standards I have been trying for several years, obviously unsuccessfully, to get IAEA to address cyber security of control systems.
