Browse > Article
http://dx.doi.org/10.13089/JKIISC.2015.25.2.363

Assessment Method of Step-by-Step Cyber Security in the Software Development Life Cycle  

Seo, Dal-Mi (NSE Inc.)
Cha, Ki-Jong (NSE Inc.)
Shin, Yo-Soon (NSE Inc.)
Jeong, Choong-Heui (Korea Institute of Nuclear Safety)
Kim, Young-Mi (Korea Institute of Nuclear Safety)
Publication Information
Journal of the Korea Institute of Information Security & Cryptology / v.25, no.2, 2015 , pp. 363-374 More about this Journal
Abstract
Instrumentation and control(I&C) system has been mainly designed and operated based on analog technologies in existing Nuclear Power Plants(NPPs). However, As the development of Information Technology(IT), digital technologies are gradually being adopted in newly built NPPs. I&C System based on digital technologies has many advantages but it is vulnerable to cyber threat. For this reason, cyber threat adversely affects on safety and reliability of I&C system as well as the entire NPPs. Therefore, the software equipped to NPPs should be developed with cyber security attributes from the initiation phase of software development life cycle. Moreover through cyber security assessment, the degree of confidence concerning cyber security should be measured and if managerial, technical and operational work measures are implemented as intended should be reviewed in order to protect the I&C systems and information. Currently the overall cyber security program, including cyber security assessment, is not established on I&C systems. In this paper, we propose cyber security assessment methods in the Software Development Life Cycle by drawing cyber security activities and assessment items based on regulatory guides and standard technologies concerned with NPPs.
Keywords
software development life cycle; cyber security assessment; cyber security in nuclear power plants;
Citations & Related Records
Times Cited By KSCI : 1  (Citation Analysis)
연도 인용수 순위
1 Youngdoo Kang and Kil To Chong, "Development of Cyber Security Assessment Methodology for the Instrumentation & Control Systems in Nuclear Power Plants," Journal of academia-industrial technology, 11(9), pp. 3451-3457, Sep. 2010.
2 James W. Over, Team Software process for Secure Systems Development, CMU Software Engineering Institute, Mar. 2002.
3 Microsoft Corporation, Microsoft Security Development Lifecycle(SDL), Version 5.2, Microsoft Corporation, P.167, May. 2012.
4 CLASP, https://www.owasp.org/index.php/ Category: OWASP CLASP Project
5 Gary McGraw, Software Security: Building Security In, Addison-Wesley Professional, P.448, 2006.
6 IEEE Std. 7-4.3.2, "IEEE Standard Criteria for Digital Computers in Safety Systems of Nuclear Power Generating Stations," Aug. 2010.
7 NIST SP 800-64(Rev.2), "Security Considerations in the System Development Life Cycle," Oct. 2008.
8 Regulatory Guide 5.71, "Cyber Security Programs for Nuclear Facilities," Jan. 2010.
9 NIST SP 800-53(Rev.4), "Security and Privacy Controls for Federal Information Systems and Organizations," Apr. 2013.
10 U.S. Department of Homeland Security, "Catalog of Control Security : Recommendations for Standards Developers(Rev.7)," Apr. 2011.
11 Sang-Hyun Lee, "Cybersecurity Laws in the U.S.:Focusing on Responses from the Legislative, the Judicial, and the Executive Body," Journal of the Korea Institute of Information Security and Cryptology,3(1), pp. 109-131, Jan. 2012.
12 NEI 08-09(Rev.6), "Cyber Security Plan for Nuclear Power Reactors," Apr. 2010.