Our People is a regular feature focusing on staff at the Office for Nuclear Regulation (ONR) and the work done every day to help keep the nuclear industry safe and secure.
Today, we meet Alexandra Gibson and learn more about her role within ONR’s cyber security and information assurance team.
Alex works within this specialism of nuclear security regulation and mainly focuses on the sites operated by Nuclear Restoration Services, in the decommissioning phase of operations.
She has also been part of a team reviewing ONR’s Security Assessment Principles (SyAPs), the first outcome-focused regulatory framework for nuclear security, ensuring cyber security expectations are adequately aligned with other critical national infrastructure, internationally-recognised good practice, and to support the delivery of national priorities.
Alex has been working with the UK’s National Technical Authority, the National Cyber Security Centre and the Department for Energy Security and Net Zero to better align SyAPs with the NCSC’s Cyber Assessment Framework.
This is a methodology to help organisations assess and improve their cyber security and resilience, manage cyber risks and protect essential services from cyber threats.
Alex Gibson, a Nuclear Security Inspector, Cyber Security & Information Assurance, said:
"Working in cyber security is dynamic, interesting and always evolving. Most people are aware of some big household names and others who suffered significant incidents just last summer.
“The challenge, as I see it, is making the case that in a time where all risks are a priority for an organisation, emphasising investment in something that can feel abstract or in preventing an attack that may never happen, rather than funding something more tangible within an organisation.
“Generally across our dutyholders, cyber is now recognised as a business risk, not just a technology issue.
“And with the rise in new and novel technologies, there are even more risks and threats to deal with, so part of our continued effort must be to enable dutyholders to prepare for and embrace innovative solutions and advances in a mature and risk-informed manner, through the production of clear advice and guidance.
"I think the importance of cyber security will only grow as the inter-connectedness of technology expands, and that includes across the nuclear security estate."
With some nuclear dutyholders currently placed within an enhanced level of regulatory attention for cyber security, it's important that good practice is sought for, Alex reflects, with any enforcement action carried out in an enabling manner to bring about lasting and meaningful changes.
She added: "I feel valued by the dutyholders that I work with who welcome the regulator's opinion and judgements and with the growth and improvements required in cyber security there's an open-minded outlook across the sector which is positive."
Outside of work, Alex likes going on holiday and taking breaks away with her family and friends - recently seeing the Northern Lights in Iceland with her partner, skiing in Bansko in Bulgaria with her friends, and enjoying long weekends in Wales with her (non-biological) son, Booker the Daschund.
On Good Friday, she impressively completed her first ultra marathon, taking part in the 50-mile Manchester to Liverpool race, completing the gruelling course in 12 hours.
Alex added: “It was one of the toughest races I’ve ever done, but I'm so pleased to get this first ultra under my belt, and I’m already looking for my next one!"
