http://dx.doi.org/10.6109/jkiice.2018.22.10.1392

Comparative Analysis of Network-based Vulnerability Scanner for application in Nuclear Power Plants  

Lim, Su-chang (Department of Computer Engineering, Sunchon National University)
Kim, Do-yeon (Department of Computer Engineering, Sunchon National University)
Abstract
Nuclear power plants (NPPs) are protected as core facilities managed by major countries. As general IT technology is applied to NPP facilities, the share of digitized resources is increasing among the assets other than the existing installed analog operating resources. Controlling the IT assets of NPPs over the network can provide significant benefits, but potential vulnerabilities in existing IT resources can lead to significant cyber security breaches that threaten the entire plant. In this paper, we analyze the regulatory requirements for nuclear cyber security vulnerabilities and the characteristics and requirements of existing vulnerability scanners, and we investigate commercial and free vulnerability scanners. Based on the proposed application method, the efficiency of checking the network security vulnerabilities of NPPs can be improved when a vulnerability scanner is applied to NPPs.
Keywords
Nuclear Power Plants; Network Security; Security Vulnerability; Network-based Vulnerability Scanner