A CYBER SECURITY RISK ASSESSMENT FOR THE DESIGN OF I&amp;C SYSTEMS IN NUCLEAR POWER PLANTS

Song, Jae-gu; Lee, Jungwoon; Lee, Cheol-Kwon; Kwon, Kee-Choon; Lee, Dong-Young

doi:10.5516/net.04.2011.065

Cited by 37 publications

(13 citation statements)

References 1 publication

Supporting

Mentioning

Contrasting

Order By: Relevance

“…NPP I&C systems are operated in environments different from those of conventional IT systems. In the past, I&C systems were based on analog technologies; however, since the introduction of digital technologies in the 2000s, the proportion of digital technologies has been steadily increasing [1,17]. At the same time, the convenience and lower cost of new digital technologies such as wireless sensor networks have resulted in them currently being under active consideration.…”

Section: Background and Related Workmentioning

confidence: 99%

“…As a result, NPPs were regarded as being safe from external cyber-attacks [1,18]. However, continuous cyber-attacks against NPPs, such as the Slammer worm attack on the Davis-Besse NPP in 2003 [3], the emergency shutdown of the Hatch NPP in 2008 [3], and the Stuxnet worm attack on the Natanz nuclear facility in 2010 [4], signified that NPPs are as susceptible to cyberattacks [2,7,18] as other critical infrastructures [19,20] and conventional IT systems.…”

Section: Cyber Security Issues In Nppsmentioning

confidence: 99%

“…This incident demonstrates that the enterprise networks of NPPs connected to the Internet are exposed to the same cyber threats that target many unspecified systems in conventional IT environments. Further, in 2006, the instrumentation and control (I&C) systems [1] of the Browns Ferry NPP in the US state of Alabama were disabled because of a digital network problem; therefore, an operator shut down its operation manually [3]. This incident further shows that there are many areas in NPPs that are vulnerable to cyber-attacks.…”

Section: Introductionmentioning

confidence: 99%

“…Further, the introduction of new technologies such as wireless sensor networks is also being considered. These digital technologies make the operation of NPPs more convenient and economical; however, they are inherently susceptible to cyber-attacks [1,2]. For example, in 2003, the enterprise and control networks of the DavisBesse NPP in the US were shut down because of an infection by the Slammer worm [3].…”

Section: Introductionmentioning

confidence: 99%

See 3 more Smart Citations

Development of Cyber-Attack Scenarios for Nuclear Power Plants Using Scenario Graphs

Ahn

Chung

Min

et al. 2015

International Journal of Distributed Sensor Networks

View full text Add to dashboard Cite

Modern nuclear power plants (NPPs) use a variety of digital technologies, with new technologies such as wireless sensor networks also under active consideration. Consequently, like other critical infrastructure at increasing risk of cyber-attacks, cyber security for NPPs has become an issue of growing concern. The development of cyber-attack scenarios is therefore a crucial part of cyber security plans for NPPs. However, regulatory guidelines for NPPs only mention the necessity for cyber-attack scenarios, their application methods, and simple examples, without outlining any systematic method to actually develop comprehensive cyber-attack scenarios. This paper proposes a method for developing NPP cyber-attack scenarios that reflect the inherent characteristics and architecture of NPPs using scenario graphs, a type of attack model. Further, the process of modeling scenario graphs using the proposed method and a process for developing new attack scenarios by combining several scenario graphs are discussed. In the scenario graphs, large and complicated system structures are conceptually divided, facilitating identification of components of cyber-attacks. Attack scenarios developed using these scenario graphs can be used extensively to develop design basis threats (DBTs), risk assessments, and penetration tests. Thus, they are important for establishing cyber security plans and programs.

show abstract

Section: Background and Related Workmentioning

confidence: 99%

Section: Cyber Security Issues In Nppsmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

See 2 more Smart Citations

Development of Cyber-Attack Scenarios for Nuclear Power Plants Using Scenario Graphs

Ahn

Chung

Min

et al. 2015

International Journal of Distributed Sensor Networks

View full text Add to dashboard Cite

show abstract

“…After the evaluation of cyber security risk of RPS I&C system for nuclear power plant is construed [7], for reflecting the architectural risk of cyber-attack for RPS I&C system, Architectural risk for RPS I&C system of research reactor is analysed. After confirming the structure of the RPS, the architecture analysis model is composed with vulnerability and mitigation measure parts for reflection of extent about vulnerability of architecture and mitigation about penetration.…”

Section: ) Cyber Security Architecture Analysis Modelmentioning

confidence: 99%

Cyber Security Risk Analysis Model Composed with Activity-quality and Architecture Model

Shin¹,

Son²,

Heo³

2013

Proceedings of the International Conference on Computer, Networks and Communication Engineering (ICCNCE 2013)

View full text Add to dashboard Cite

-Extensive use of digital systems and networks is causing the problem of the cyber security to safety related industries like research reactors. The aim of cyber security study, in this article, is to develop a cyber-security risk analysis model based on activityquality & Instrumentation & Control (I&C) architecture for the safety of nuclear industry. Activity-quality is a qualitative number showing the extent to which systems or plant personnel are following the regulatory guidelines, for instance very well, well, good bad etc. Architecture assessment is performed in terms of vulnerability and mitigation measures against the cyber-attack. The activity-quality analysis model and the architecture analysis model are integrated in the cyber security risk model using Bayesian Network (BN). This model can helps us to identify key elements based on their final cyber security risk .

show abstract

Cybersecurity Threats, Vulnerability and Analysis in Safety Critical Industrial Control System (ICS)

Lou

Tellabi

2019

Recent Developments on Industrial Control Systems Resilience

View full text Add to dashboard Cite

A CYBER SECURITY RISK ASSESSMENT FOR THE DESIGN OF I&C SYSTEMS IN NUCLEAR POWER PLANTS

Cited by 37 publications

References 1 publication

Development of Cyber-Attack Scenarios for Nuclear Power Plants Using Scenario Graphs

Development of Cyber-Attack Scenarios for Nuclear Power Plants Using Scenario Graphs

Cyber Security Risk Analysis Model Composed with Activity-quality and Architecture Model

Cybersecurity Threats, Vulnerability and Analysis in Safety Critical Industrial Control System (ICS)

Contact Info

Product

Resources

About