Development of a quantitative method for identifying fault-prone cyber security controls in NPP digital I&amp;C systems

Lee, Chanyoung; Han, Sang Min; Seong, Poong Hyun

doi:10.1016/j.anucene.2020.107398

Cited by 6 publications

(3 citation statements)

References 22 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…All measures implemented in cybersecurity are mainly prepared to anticipate cyberattacks appearing in various forms. Cyberattacks can be defined as attacks on information systems [19] through intrusion conducted by internal [4] or external malicious attackers [16] that may compromise the confidentiality, integrity, and availability [29] of the system or may result in failure and property loss [30], [31] leading to jeopardized safety functions [16], [4], [6]. Cyberattacks have been classified into three categories: active attacks, passive attacks, and cyberwars.…”

Section: Methodsmentioning

confidence: 99%

“…Lee et al [30] developed a quantitative method to estimate fault-proneness in cybersecurity control by implementing: (1) an analysis of fault prediction models, (2) adoption of the software change entropy model, and (3) development of the security control entropy model. Achievement of high-level quality assurance through consistent attempts, fault proneness, and software complexity correlates to the focus of study for this particular method.…”

Section: Fault-proneness In Cybersecurity Controlmentioning

confidence: 99%

See 1 more Smart Citation

Risk Assessment Methods for Cybersecurity in Nuclear Facilities: Compliance to Regulatory Requirements

Setianingsih¹,

Pulungan²,

Putra³

et al. 2021

IJACSA

View full text Add to dashboard Cite

As strategic infrastructures, nuclear facilities are considered attractive targets for attackers to commit their malicious intention. At the same time, for efficiency, those infrastructures are increasingly implemented, equipped with, and managed by digitally computerized systems. Attackers, therefore, try to realign their attack scenarios through such cyber systems. It is crucial to understand various existing risk assessment methods for cybersecurity in nuclear facilities to prevent such attacks. Risk assessment is designed to study the nature of the originated attack threats and the consequences implied. This paper studies a series of risk assessment methods implemented for security related to cybersecurity of strategic infrastructures, including nuclear facilities. Extended from cybersecurity, the required concepts in nuclear security cover defense-in-depth, synergy of safety and security, and probabilistic safety/risk assessment. Selecting cybersecurity risk assessment methods should integrate these three essential concepts in their evaluation. This paper highlights the suitable and appropriate risk assessment methods that meet security requirements in the nuclear industry as specified in the national and international regulations.

show abstract

Section: Methodsmentioning

confidence: 99%

Section: Fault-proneness In Cybersecurity Controlmentioning

confidence: 99%

Risk Assessment Methods for Cybersecurity in Nuclear Facilities: Compliance to Regulatory Requirements

Setianingsih¹,

Pulungan²,

Putra³

et al. 2021

IJACSA

View full text Add to dashboard Cite

show abstract

“…Furthermore, Lee et al (2020) developed a model that quantitatively estimated the defective probability of cyber security controls using a modification of the software change entropy model, which analyzed the fault activation probability by considering the security control, digital device, and functional requirement group levels [25]. Shin et al (2015) proposed a cyber security list model consisting of an activity quality analysis model for assessing the cyber security regulatory guides of nuclear business operators and an architecture analysis model for assessing the im-pact of system-specific vulnerability mitigation measures on cyber security-both of which are evaluated in an integrated manner.…”

Section: Introductionmentioning

confidence: 99%

Cyber Security Controls in Nuclear Power Plant by Technical Assessment Methodology

et al. 2023

View full text Add to dashboard Cite

With the rapid increase in cyber attacks on industrial control systems, the significance of the application of cyber security controls and the evaluation of security against such attacks has also increased. Among them, cyber attacks on nuclear power plants (NPPs) can cause not only economic loss, but also human casualties. Thus, the application of cyber security controls is necessary for mitigating security threats, especially to NPPs. However, currently, there are limited resources pertaining to information protection, which is essential to uniformly deploy all the controls required to meet cyber security regulations. To overcome this challenge, effective cyber security controls need to be identified and adequate information protection resources must be allocated to each NPP. Although NPPs apply a differential security control according to its characteristics based on NEI 13-10 (Cyber Security Control Assessments), this alone is not only insufficient in reflecting the latest security threats, but also fails to confirm whether the security controls have actually mitigated such threats. To address this challenge, the Electric Power Research Institute (ETRI) developed the technical assessment methodology (TAM), which can be used to generate a quantitative score by assessing the effects of potential cyber attacks on an asset and the relevant security controls. This methodology allows for the application of differential security control based on the score to identify whether the security controls have actually mitigated the risks. Considering this context, the purpose of this paper is to conduct a comparative analysis of the results derived from applying security controls and assessing risks using only NEI 13-10 as well as both NEI 13-10 and TAM on the plant protection system of the nuclear power reactor APR1400. Furthermore, this paper discusses the scopes for subsequent research by addressing the limitations of the TAM and considerations for its use.

show abstract

Evaluating attractiveness of cyberattack path using resistance concept and page-rank algorithm

Chae

Lee

Choi

et al. 2022

Annals of Nuclear Energy

View full text Add to dashboard Cite

Development of a quantitative method for identifying fault-prone cyber security controls in NPP digital I&C systems

Cited by 6 publications

References 22 publications

Risk Assessment Methods for Cybersecurity in Nuclear Facilities: Compliance to Regulatory Requirements

Risk Assessment Methods for Cybersecurity in Nuclear Facilities: Compliance to Regulatory Requirements

Cyber Security Controls in Nuclear Power Plant by Technical Assessment Methodology

Evaluating attractiveness of cyberattack path using resistance concept and page-rank algorithm

Contact Info

Product

Resources

About