Framework

Three pillars. One integrated security posture.

Modeled on NRC (10 CFR Parts 73 and 50.54), ASN/IRSN doctrine, IAEA NSS-27 and NSS-17, NERC CIP, and the EU NIS2 directive — adapted to Polish law and the geopolitical realities of the eastern flank.

Physical security

Defense-in-depth: three zones, progressive controls.

Concentric defense-in-depth
Owner Controlled Area
Min. 500 m buffer

Perimeter fencing, 24/7 CCTV with AI analytics, scheduled patrols, full perimeter lighting.

Protected Area
Admin · Support · Storage

Double razor-wire fence, vehicle exclusion, biometric access control, metal detection at portals.

Vital Area
Reactor · Controls · Fuel

Multi-factor authentication, ballistic-rated airlock doors, AI-assisted video, two-person rule enforced.

Armed response posture

Standing internal force + military reaction.

  • Standing armed internal force (SUFO): 60–100 officers on rotating duty, long arms, body armor, night vision.
  • MoU with Military Gendarmerie / ABW: special forces reinforcement within 30 minutes.
  • Quarterly Force-on-Force exercises with national Police and Border Guard, per NRC standard.
  • NOTAM-coordinated no-fly zones over the site, integrated with Polish Air Force command.
External threat hardening

Designed for the post-9/11, post-Fukushima, post-Ukraine threat set.

  • Aircraft impact resistance per 10 CFR 50.150 — B737-class airframe.
  • AP1000 passive cooling: 72 h autonomy without external power or operator action.
  • FLEX program — mobile generators and pumps, post-Fukushima NRC standard.
  • Water-retention reservoirs and emergency systems sited outside blast envelope.

Cybersecurity

OT and IT separated by design. Purdue model, end to end.

L 4–5
Corporate / Internet
Full separation from L0–L3 MFA VPN SIEM 24/7 SOC Threat intel
L 3
Production operations · MES
DMZ with NGFW OT-tuned IDS/IPS (Dragos / Claroty) No direct internet path
L 2
Process control · DCS
Air-gapped network Whitelisted workstations only One-way data diodes
L 0–1
Field devices & PLC
Physical isolation No network exposure Cryptographically verified firmware

SOC and incident response

Off-site Security Operations Center, with EDF Lyon as the reference. France's EDF runs a centralized SOC monitoring 56 reactors; the U.S. NRC requires every operator to maintain a regulator-approved Cyber Security Plan. Poland needs both — a dedicated SOC and a codified incident-response playbook.

Operating model

SOC architecture & cooperation.

  • Dedicated SOC sited off-plant, with hot data replication.
  • Active cooperation with CERT Polska and CSIRT KNF.
  • ISAC Energetyka membership (NIS2 + CER directive).
  • Mandatory escalation to ABW within 4 h of detection.
  • Annual Cyber Force-on-Force exercises against APT scenarios.
Service levels

Codified, measurable, auditable.

24/7
Continuous OT and IT monitoring
≤ 4h
Mandatory ABW escalation
1×/yr
Cyber Force-on-Force minimum

Supply chain

The hardest perimeter to defend is the one upstream. Stuxnet (2010) physically destroyed centrifuges via Siemens STEP 7. SolarWinds (2020) compromised thousands of organizations through a single trusted update channel. Vital Area components require supply-chain controls calibrated to those lessons.

Approved Supplier List

Mandatory pre-contract security audit before any vendor enters the procurement chain. List maintained by SOC and reviewed annually.

SBOM requirement

Every software component delivered to site must arrive with a Software Bill of Materials. Open-source dependencies tracked end-to-end.

Country-of-origin restriction

Vital Area components from high-risk jurisdictions are barred — aligned with U.S. ECCN/EAR controls and UK NCSC guidance.

Continuous vendor monitoring

Threat-intelligence feeds tied to the supplier list. A vendor compromise downstream triggers immediate review of all installed components.

People and procedures

Chernobyl and Three Mile Island both came back to people. Personnel reliability, training depth, and procedural discipline are the load-bearing controls of any plant security regime.

Personnel Reliability Program

Biennial psychological, criminal-record, and financial screening for all Vital-Area staff. Dedicated review board, GDPR-compliant data handling.

Two-Person Integrity Rule

No single-operator activity in the Vital Area. Every safety-critical task is co-witnessed and logged.

Full-scope simulator training

Minimum 40 hours annually per reactor operator, covering loss-of-coolant, station blackout, and security-driven scenarios.

Insider threat program

Behavioral analytics team monitoring anomalies, modeled on NRC Regulatory Guide 5.77, operated within Polish labor and privacy law.

Crisis management

Two emergency planning tiers. One coordinated response.

Internal — On-site response
  • Emergency Operating Procedures (EOP).
  • Site Emergency Plan compliant with IAEA Safety Guide GSG-2.
  • Off-site Emergency Operations Facility — radiation-hardened, 7-day autonomous power.
  • Continuous radiological monitoring within 50 km, integrated with PAA and IAEA Safeguards.
External — Public protection
5 km urgent action · 30 km long-term planning
  • Coordination with State Fire Service, Polish Armed Forces, medical services.
  • Biennial full-scale exercises across all participating agencies.
  • Pre-staged sheltering, evacuation, and iodine prophylaxis logistics.
  • Network of automated radiation stations within a 50 km radius, integrated with PAA and IAEA Safeguards Analytical Services.

Hybrid and asymmetric threats

Kaliningrad next door. Drones over Ukraine. This is design data.

01

Counter-UAS systems

Radar detection · RF jammers · kinetic SHORAD/VSHORAD interceptors, deployed under MoN/MSWiA authority.

02

Redundant power feeds

Two independent high-voltage lines plus 72 h+ islanding capability, allowing autonomous operation during grid attacks.

03

Information warfare

Pre-rehearsed crisis communications, coordinated public messaging, counter-disinformation playbooks. The narrative is part of the perimeter.

04

Allied exercises

Joint scenarios with ABW, SKW, and the NATO Cooperative Cyber Defence Centre of Excellence (CCDCOE) in Tallinn.

Next
Leadership
Schedule a briefing