Computer security in the nuclear supply chain is an important element of risk management. Nuclear facilities and operations rely upon complex networks of suppliers, vendors, and integrators to provide digital technology, services, and support. This provides a supply chain attack surface that may be exploited to compromise nuclear facilities, operations, and secure environments. Compromise of the supply chain may provide a means to circumvent computer security measures that are in place to protect these critical systems, therefore a defence-in-depth approach that involves people, processes, and technology is needed.

The purpose of this publication is to assist Member States in raising awareness of cyber risks in the nuclear supply chain and help to identify critical issues and mitigation techniques. The aim is to reduce the supply chain attack surface by providing information, good practices, and mitigation techniques through all phases of the supply chain including design, hardware and software development, testing, transportation, installation, operation, maintenance and decommissioning of nuclear computer-based systems.