Nuclear Engineering and Technology

Korean Nuclear Society (한국원자력학회)
권호 표지
DOI QR코드

DOI QR Code

Probabilistic safety assessment-based importance analysis of cyber-attacks on nuclear power plants

  • Received : 2018.04.27
  • Accepted : 2018.09.14
  • Published : 2019.02.25
Download PDF
⟨ Previous Next ⟩

Abstract

With the application of digital technology to safety-critical infrastructures, cyber-attacks have emerged as one of the new dangerous threats. In safety-critical infrastructures such as a nuclear power plant (NPP), a cyber-attack could have serious consequences by initiating dangerous events or rendering important safety systems unavailable. Since a cyber-attack is conducted intentionally, numerous possible cases should be considered for developing a cyber security system, such as the attack paths, methods, and potential target systems. Therefore, prior to developing a risk-informed cyber security strategy, the importance of cyber-attacks and significant critical digital assets (CDAs) should be analyzed. In this work, an importance analysis method for cyber-attacks on an NPP was proposed using the probabilistic safety assessment (PSA) method. To develop an importance analysis framework for cyber-attacks, possible cyber-attacks were identified with failure modes, and a PSA model for cyber-attacks was developed. For case studies, the quantitative evaluations of cyber-attack scenarios were performed using the proposed method. By using quantitative importance of cyber-attacks and identifying significant CDAs that must be defended against cyber-attacks, it is possible to develop an efficient and reliable defense strategy against cyber-attacks on NPPs.

Keywords

References

  1. J. Song, J. Lee, C. Lee, K. Kwon, D. Lee, A cyber security risk assessment for the design of I & C systems in nuclear power plants 44 (8) (2012) 919-928. https://doi.org/10.5516/NET.04.2011.065
  2. U.S. ICS-CERT, Year in Review 2016, 2016.
  3. A. Nicholson, et al., SCADA security in the light of Cyber-Warfare, Comput. Secur. 31 (2012) 418-436. https://doi.org/10.1016/j.cose.2012.02.009
  4. J. Park, J. Park, Y. Kim, A graded approach to cyber security in a research reactor facility, Prog. Nucl. Energy 65 (2013) 81-87. https://doi.org/10.1016/j.pnucene.2013.01.007
  5. J.G. Song, J.W. Lee, G.Y. Park, K.C. Kwon, D.Y. Lee, C.K. Lee, An analysis of technical security control requirements for digital I&C systems in nuclear power plants, Nucl. Eng. Technol. 45 (5) (2013) 637-652. https://doi.org/10.5516/NET.04.2012.091
  6. U.S. Nuclear Regulatory Commission, Protection of Digital Computer and Communication Systems and Networks, 2009, 10 CFR Part 73.54.
  7. U.S. Nuclear Regulatory Commission, Cyber security Programs for nuclear facilities, Regulatory Guide 5 (71) (2010).
  8. Lan Wu, et al., Reliability evaluation of the solar power system based on the Markov chain method, Int. J. Energy Res. (2017) 1-8, 2017.
  9. J.B. Ko, et al., Towards a novel quantification approach based on smart grid network vulnerability score, Int. J. Energy Res. 40 (2016) 298-312, 2016. https://doi.org/10.1002/er.3356
  10. Y. Cherdantseva, et al., A review of cyber security risk assessment methods for SCADA systems, Comput. Secur. 56 (2015) 1-27. https://doi.org/10.1016/j.cose.2015.09.009
  11. Ernest J. Henley, Hiromitsu Kumamoto, Probabilistic Risk Assessment: Reliability Engineering, Design, and Analysis, IEEE Press, New York, 1992.
  12. P.A.S. Ralston, J.H. Graham, J.L. Hieb, Cyber security risk assessment for SCADA and DCS networks, ISA Trans. 46 (4) (2007) 583-594. https://doi.org/10.1016/j.isatra.2007.04.003
  13. U.S. Nuclear Regulatory Commission, Fault Tree Handbook, NUREG-0492, 1981.
  14. D. Lee, J. Choi, J. Lyou, A safety assessment methodology for a digital reactor protection system, Int. J. Contr. Autom. Syst. 4 (1) (2006) 105-112.
  15. Idaho National Laboratory, Cyber Threat and Vulnerability Analysis of the U.S. Electric Sector, 2016.
  16. M. Van Der Borst, H. Schoonakker, An overview of PSA importance measures, Reliab. Eng. Syst. Saf. 72 (3) (2001) 241-245. https://doi.org/10.1016/S0951-8320(01)00007-2
  17. J. Park, Y. Suh, C. Park, Implementation of cyber security for safety systems of nuclear facilities, Prog. Nucl. Energy 88 (2016) 88-94. https://doi.org/10.1016/j.pnucene.2015.12.009
  18. P.A.S. Ralstona, J.H. Grahamb, J.L. Hiebb, Cyber security risk assessment for SCADA and DCS networks, ISA (Instrum. Soc. Am.) Trans. 46 (4) (2007) 583-594.

Cited by

  1. A Robust Cybersecurity Solution Platform Architecture for Digital Instrumentation and Control Systems in Nuclear Power Facilities vol.206, pp.7, 2019, https://doi.org/10.1080/00295450.2019.1666599
  2. SafeMan: A unified framework to manage cybersecurity and safety in manufacturing industry vol.51, pp.3, 2019, https://doi.org/10.1002/spe.2879
  3. CS Measures for Nuclear Power Plant Protection: A Systematic Literature Review vol.2, pp.4, 2019, https://doi.org/10.3390/signals2040046