A CYBER SECURITY RISK ASSESSMENT FOR THE DESIGN OF I&C SYSTEMS IN NUCLEAR POWER PLANTS

@article{Song2012ACS,
  title={A CYBER SECURITY RISK ASSESSMENT FOR THE DESIGN OF I\&C SYSTEMS IN NUCLEAR POWER PLANTS},
  author={Jae-gu Song and J. H. Lee and Cheol-Kwon Lee and K. C. Kwon and Dong-young Lee},
  journal={Nuclear Engineering and Technology},
  year={2012},
  volume={44},
  pages={919-928}
}
The applications of computers and communication system and network technologies in nuclear power plants have expanded recently. This application of digital technologies to the instrumentation and control systems of nuclear power plants brings with it the cyber security concerns similar to other critical infrastructures. Cyber security risk assessments for digital instrumentation and control systems have become more crucial in the development of new systems and in the operation of existing… 

Figures and Tables from this paper

AN ANALYSIS OF TECHNICAL SECURITY CONTROL REQUIREMENTS FOR DIGITAL I&C SYSTEMS IN NUCLEAR POWER PLANTS

TLDR
Methods and considerations to define attack vectors in a target system, to review and select the requirements in the Regulatory Guide 5.71, and to integrate the results to identify applicable technical security control requirements are presented.

Introduction of a Cyber Security Risk Analysis and Assessment System for Digital I&C Systems in Nuclear Power Plants

TLDR
The Cyber Security Risk Analysis and Assessment System (CSRAS) has been developed as a tool for analyzing security requirements and technical security controls based on a general cyber security risk assessment procedure with the consideration of characteristics of I&C systems and the lifecycle of development in nuclear power plants.

INTEGRATED SAFETY AND CYBER SECURITY ANALYSIS FOR BUILDING SUSTAINABLE CYBER PHYSICAL SYSTEM AT NUCLEAR POWER PLANTS: A SYSTEMS THEORY APPROACH

  • Engineering, Computer Science
  • 2020
TLDR
The proposed integrated STPA-SafeSec methodology provides a comprehensive analysis of safety and cyber security through identifying digital hazards in nuclear power plants using a case study of a risk scenario in a nuclear facility.

An analytical method for developing appropriate protection profiles of Instrumentation & Control System for nuclear power plants

TLDR
This paper proposes an implementable Instrumentation & Control System analysis model having focus on cyber security and technology evaluation that has been already implemented in reactor protection systems that is operating in Republic of Korea.

Advancements of Cyber Security of Nuclear Power Plants

TLDR
A state-of-the-art overview on various aspects of the cyber-security of NPP is delivered, including what are the protection mechanisms, what is the optimal ways of deploy them, and how to analyze, assess and predict the cyber threats are beneficial to both researchers and practitioners.

Cyber attack taxonomy for digital environment in nuclear power plants

A Conceptual Framework for Securing Digital I & C Systems in Nuclear Power Plants

TLDR
The characteristics of I&C systems are described in terms of their differences from industrial control systems, and related nuclear regulatory requirements and other guides are introduced.

References

SHOWING 1-10 OF 29 REFERENCES

A Safety Assessment Methodology for a Digital Reactor Protection System

TLDR
In this paper, a prediction method of the hardware failure rate is suggested for a digital reactor protection system, and applied to the reactors protection system being developed in Korea to identify design weak points from a safety point of view.

NIST Special Publication 800-53 Revision 3 Recommended Security Controls for Federal Information Systems and Organizations

TLDR
The guidelines have been broadly developed from a technical perspective to complement similar guidelines for national security systems and may be used for such systems with the approval of appropriate federal officials exercising policy authority over such systems.

NIST Special Publication 800-39 Managing Information Security Risk

TLDR
The risk management guidance described herein is complementary to and should be used as part of a more comprehensive Enterprise Risk Management (ERM) program.

STATE TOKEN PETRI NET MODELING METHOD FOR FORMAL VERIFICATION OF COMPUTERIZED PROCEDURE INCLUDING OPERATOR’S INTERRUPTIONS OF PROCEDURE EXECUTION FLOW

TLDR
A modeling for the CPS that enables formal verification based on Petri nets is presented, and the proposed State Token Petri Nets (STPN) also support modeling of a procedure flow that has various interruptions by the operator, according to the plant condition.

NIST Special Publication 800-30 Risk Management Guide for Information Technology Systems

TLDR
This guide provides a common foundation for experienced and inexperienced, technical, and non-technical personnel who support or use the risk management process for their IT systems.

Department of Homeland Security.

  • Michael Chertoff
  • Political Science
    Disaster medicine and public health preparedness
  • 2007
TLDR
The President's Fiscal Year 2017 Budget proposes a common appropriations structure for all DHS components except U.S. Coast Guard, and aligns DHS's PPA structure with DHS mission areas, a change that will encourage consistency and alignment between resource decisions and frontline mission needs.

Information Technology: Code of Practice for Information Security Management

Swedish Standards corresponding to documents referred to in this Standard are listed in ”Catalogue of Swedish Standards”, issued by SIS. The Catalogue lists, with reference number and year of Swedish

NIST Special Publication 800-64 Revision 2, Security Considerations in the System Development Life Cycle

  • NIST Special Publication 800-64 Revision 2, Security Considerations in the System Development Life Cycle
  • 2008

NRC Standard Review Plan NUREG-0800 Chapter 7.0 Instrumentation and Controls – Overview of Review Process

  • NRC Standard Review Plan NUREG-0800 Chapter 7.0 Instrumentation and Controls – Overview of Review Process
  • 2010

NSTB Assessments Summary Report: Common Industrial Control System Cyber Security Weaknesses

TLDR
Results from 24 ICS assessments performed under the NSTB program from 2003 through 2009 are presented, which can benefit vendors, asset owners, and other stakeholders responsible for securing the systems that control the nation's energy infrastructure.