The Journal of the Korea institute of electronic communication sciences (한국전자통신학회논문지)

Korea Institute of Electronic Communication Science (한국전자통신학회)
권호 표지
DOI QR코드

DOI QR Code

Security Criteria for Design and Evaluation of Secure Plant Data Network on Nuclear Power Plants

원전 계측제어계통의 안전 네트워크 설계 및 평가를 위한 보안 기준

  • Received : 2013.11.21
  • Accepted : 2014.02.11
  • Published : 2014.02.28
Download PDF
⟨ Previous Next ⟩

Abstract

Nuclear power plant data networks and their associated safety systems are being modernized to include many information technology (IT) networks and applications. Along with the advancement of plant data networks (PDN), instrumentation and control systems are being upgraded with modern digital, microprocessor-based systems. However, nuclear PDN is confronted significant side-effects, which PDN is exposed to prevalent cyber threats typically found in IT environments. Therefore, cyber security vulnerabilities and possibilities of cyber incidents are dramatically increased in nuclear PDN. Consequently, it should be designed fully ensuring the PDN meet all reliability, performance and security requirements in order to overcome the disadvantages raised from adaption of IT technology. In this paper, we provide technical security criteria should be used in design and evaluation of secure PDN. It is believed PDN, which is designed and operated along with these technical security critera, effectively protect against possible outside cyber threats.

원자력발전소의 데이터 네트워크와 연관된 안전 계통들은 다양한 IT (information technology) 네트워크 및 응용프로그램들을 적용하여 현대화되고 있다. 발전소 데이터 네트워크의 출현과 더불어 원전 계측제어시스템들은 최신의 디지털화된 마이크로프로세서에 근간을 둔 시스템으로 진화하고 있는 반면에, 일반적인 IT 환경에서의 각종 정보시스템이 가지는 사이버보안 취약성 및 사고의 가능성이 증대되는 단점을 가지게 되었다. 이를 보완하기 위해 원전에 적용하는 데이터 네트워크는 신뢰성, 성능 및 보안요건을 충분히 고려해서 설계되어야 한다. 본 논문에서는 원전 계측제어계통에 적용되는 안전한 네트워크의 설계 및 평가 시 사용될 수 있는 기술적인 보안 기준들을 제시하였으며, 본 기준들을 적용하여 설계 및 운영되는 발전소 데이터 네트워크는 외부의 사이버 위협으로부터 효과적인 대처를 할 것으로 판단된다.

Keywords

References

  1. Y. Choi, Y. Choi, J. Lee, C. Wan, I. Koo, and S. Hong "Study on the Construction of Cyber Security for the Nuclear Power Plants," Fall Conf. from Korea Society of IT Services, 2009, pp. 537-538.
  2. Y. Cha, B. Cho, and J. Na, "Security Technology Trends and Prospective of Industrial Control System," KEIT PD Issue Report, vol. 13, no. 6, 2013, pp. 79-100.
  3. N. Falliere, L. O. Murchu, and E. Chien, Win32.stuxnet Dossier. Symantec Security Response, 2011.
  4. NRC Information Notice 2003-14, Potential Vulnerability of Plant Computer Network to Worm Infection. Nuclear Regulatory Commission, 2003.
  5. NRC Information Notice 2007-15, Effects of Ethenet based, no-safety related controls on the safe and continued operation of nuclear power stations. Nuclear Regulatory Commission, 2007.
  6. W. Seo and M. Jun, "A Direction of Convergence and Security of Smart Grid and Information Communication Network," J. of the Korea Institute of Electronic Communication Sciences, vol. 5, no. 5, 2010, pp. 477-486.
  7. I. Koo, K. Kim, S. Hong, G. Park, and J. Park, "Digital Asset Analysis Methodology against Cyber Threat to I&C System in NPP," J. of the Korea Institute of Electronic Communication Sciences, vol. 6, no. 6, 2011, pp. 839-847.
  8. C. Yoon, G. Kim, and C. Jang, "Embedded-based Power Monitoring Security Module Design," J. of the Korea Institute of Electronic Communication Sciences, vol. 8, no. 10, 2013, pp. 1485-1490. https://doi.org/10.13067/JKIECS.2013.8.10.1485
  9. C. K. Veitch, S. Wade, and J. T. Michalski, Cyber Security Assessment Tools and Methodologies for the Evaluation of Secure Network Design at Nuclear Power Plants. Sandia National Laboratories, 2012.
  10. NRC NUREG/CR-7117, Secure Network Design. Nuclear Regulatory Commission, 2012.
  11. J. T. Michalski, F. J. Wyant, and D. Duggan, Secure Network Design Techniques for Safety System Applications at Nuclear Power Plants. Sandia National Laboratories, 2010.