The development of information and communication technologies has extended the application of digitalized industrial control systems (ICSs) to critical infrastructure. As a result, emerging sophisticated cyberattacks by adversaries, including nation-backed terrorists, target ICSs for their strategic value: cyberattacks on ICSs in critical infrastructure can cause severe consequences to equipment, people, and the environment. Therefore, critical infrastructure owners should provide high assurance to those involved, such as neighboring residents and governments, that the facility is adequately protected against cyberattacks. Risk assessment, which identifies, estimates, and prioritizes risks, is vital to providing this assurance. This study proposes a framework for evaluating risks by quantifying the likelihood of cyber exploitation and the consequences of cyberattacks. The quantification of the likelihood of cyber exploitation is inspired by research on Bayesian attack graphs (BAGs), allowing probability evaluation that considers the causal relationship between ICSs and multistage attacks. To quantify cyberattack consequences, we propose a methodology to evaluate how far an impact will spread, and thus how many functions will be influenced, when an ICS is exploited. The methodology is carried out by ICS experts, who identify and list the functional dependencies and essential function goals among ICSs that they are already familiar with; it does not require in-depth cybersecurity knowledge. Through experiments, we demonstrated how to apply our framework to assess the risks of the plant protection system, which is a safety-grade digital system used in nuclear power plants. The results show that risk can be assessed more multidimensionally than in previous literature, for example by discovering that components not previously considered important carry high risk due to their functional connectivity.
With the rapid increase in cyber attacks on industrial control systems, the significance of applying cyber security controls and evaluating security against such attacks has also increased. In particular, cyber attacks on nuclear power plants (NPPs) can cause not only economic loss but also human casualties. Thus, the application of cyber security controls is necessary for mitigating security threats, especially to NPPs. However, information protection resources, which are essential for uniformly deploying all the controls required to meet cyber security regulations, are currently limited. To overcome this challenge, effective cyber security controls need to be identified and adequate information protection resources must be allocated to each NPP. Although NPPs apply differential security controls according to their characteristics based on NEI 13-10 (Cyber Security Control Assessments), this alone is not only insufficient for reflecting the latest security threats but also fails to confirm whether the security controls have actually mitigated such threats. To address this challenge, the Electric Power Research Institute (EPRI) developed the technical assessment methodology (TAM), which can be used to generate a quantitative score by assessing the effects of potential cyber attacks on an asset and the relevant security controls. This methodology allows for the application of differential security controls based on the score and makes it possible to identify whether the security controls have actually mitigated the risks. In this context, the purpose of this paper is to conduct a comparative analysis of the results derived from applying security controls and assessing risks using only NEI 13-10 and using both NEI 13-10 and TAM on the plant protection system of the nuclear power reactor APR1400. Furthermore, this paper discusses the scope for subsequent research by addressing the limitations of the TAM and considerations for its use.