Journal of Korea Society of Digital Industry and Information Management (디지털산업정보학회논문지)

Korea Society of Digital Industry and Information Management (디지털산업정보학회)
권호 표지
DOI QR코드

DOI QR Code

Cybersecurity Threats and Responses of Safety Systems in NPPs

원전 안전계통의 사이버보안 위협 및 대응

  • Received : 2020.03.10
  • Accepted : 2020.03.18
  • Published : 2020.03.30
Download PDF
⟨ Previous Next ⟩

Abstract

In the past, conservative concepts have been applied in terms of the characteristic of nuclear power plants(NPPs), resulting in analog-based equipment and closed networks. However, as digital technology has recently been applied to the design, digital-based facilities and communication networks have been used in nuclear power plants, increasing the risk of cybersecurity than using analog-based facilities. Nuclear power plant facilities are divided into a safety system and a non-safety system. It is essential to identify the difference and cope with cybersecurity threats to the safety system according to its characteristics. In this paper, we examine the cybersecurity regulatory guidelines for safety systems in nuclear power plant facilities. Also, we analyze cybersecurity threats to a programmable logic controller of the safety system and suggest cybersecurity requirements be applied to it to respond to the threats. By implementing security functions suitable for the programmable logic controller according to the suggested cybersecurity requirements, regulatory guidelines can be satisfied, and security functions can be extended according to other system requirements. Also, it can effectively cope with cybersecurity attacks that may occur during the operation of nuclear power plants.

Keywords

References

  1. 정성민.박기용, "계측제어시스템 사이버보안 요건서 고려사항," 디지털산업정보학회 공동학술대회, 서울, 2016, pp.27-29.
  2. 정만현.안우근.민병길.서정택, "원전 디지털계측제어시스템 사이버보안 기술 체계 수립 방법 연구," 한국정보보호학회, 정보보호학회논문지, 제24권, 제3호, 2014, pp.561-570. https://doi.org/10.13089/JKIISC.2014.24.3.561
  3. 김도연, "원전 계측제어계통의 안전 네트워크 설계 및 평가를 위한 보안 기준," 한국전자통신학회, 한국전자통신학회 논문지, 제9권, 제2호, 2014, pp.267-272.
  4. U.S. NRC, "Criteria for Digital Computers in Safety Systems of Nuclear Power Plants," Regulatory Guide 1.152, 2006.
  5. 정성민.박기용, "계측제어시스템 개발을 위한 사이버보안 요구사항," 디지털산업정보학회 공동학술대회, 서울, 2017, pp.34-37.
  6. Jung-Woon Lee, Cheol-Kwon Lee, Jae-Gu Song, and Dong-Young Lee, "Cyber Security Considerations in the Development of I&C Systems for Nuclear Power Plants," The 2011 International Conference on Security and Management(SAM'11), Las Vegas, USA, 2011.
  7. 원자력안전위원회규칙 제24호, "원자로시설 등의 기술기준에 관한 규칙," 2020.
  8. 정성민.박기용, "계측제어시스템을 위한 기술적 보안 요건 적용," 디지털산업정보학회 공동학술대회, 서울, 2018, pp.69-72.
  9. Sadegh vosough and Amir vosough, "PLC and its Applications," International Journal of multidisciplinary Sciences and Engineering", Vol.2, No.8, Nov, 2011.
  10. U.S. NRC, "Protection of Digital Computer and Communication Systems and Networks," 10 CFR 73.54, 2009.
  11. U.S. NRC, "Cyber Security Programs for Nuclear Facilities," Regulatory Guide 5.71, 2010.
  12. 한국원자력통제기술원, "원자력시설등의 필수디지털자산 식별 기술기준," KINAC RS-019, 2015.
  13. 한국원자력통제기술원, "원자력 시설 등의 컴퓨터 및 정보시스템 보안 기술기준," KINAC RS-015, 2016.
  14. 정성민.박기용, "원전 계측제어시스템에 적합한 운영적 및 관리적 보안 요건," 디지털산업정보학회 공동학술대회, 서울, 2019, pp.175-178.
  15. 이철권, "원전 계측제어시스템 사이버보안 기술동향," 한국정보보호학회, 정보보호학회지, 제22권, 제5호, 2012, pp.28-34.
  16. DHS, "Common Cybersecurity Vulnerabilities in Industrial Control Systems," 2011.