Browse > Article
http://dx.doi.org/10.13089/JKIISC.2019.29.4.877

A Study on the Implementation of Technical Security Control for Critical Digital Asset of Nuclear Facilities  

Choi, Yun-hyuk (KEPCO E&C)
Lee, Sang-jin (Korea University)
Publication Information
Journal of the Korea Institute of Information Security & Cryptology / v.29, no.4, 2019 , pp. 877-884 More about this Journal
Abstract
As technology advances, equipment installed in Nuclear facilities are changing from analog system to digital system. Nuclear facilities have been exposed to cyber threats as the proportion of computers and digital systems increases. As a result, interest in cyber security has increased and there has been a need to protect the system from cyber attacks. KINAC presented 101 cyber security controls for critical digital asset. However, this is a general measure that does not take into account the characteristics of digital assets. Applying all cyber security controls to critical digital assets is a heavy task and can be lower efficient. In this paper, we propose an effective cyber security controls by identifying the characteristics of critical digital assets and presenting proper security measures.
Keywords
Nuclear facilities; Security control; Critical Digital Assets;
Citations & Related Records
연도 인용수 순위
  • Reference
1 U.S NRC 10CFR73.54 "Protection of Digital Computer and Communication System and Networks", U.S NRC, 2009
2 U.S NRC Regulatory Guide 5.71, "Cyber Security Programs for Nuclear Facilities", NRC, 2009
3 "Regulatory Standard 015", KINAC, 2016
4 NEI, "Cyber Secuirty Control Assessments", NEI 13-10, 2017
5 NEI, "Identifying Systems and Assets Subject to the Cyber Security Rule", NEI 10-04, 2012
6 NEI, "Cyber Security Plan for Nuclear Powr Reactors", NEI 08-09, 2010
7 U.S NRC Regulatory Guide 1.152 "Criteria for Use of Computers in Safety Systems of Nuclear Power Plants", U.S NRC, 2010
8 "Common Cyber security Vulnerabilities ICS", DHS, 2011
9 U.S NRC 10CFR73.1 "Physical Protection of Plants and Materials", U.S NRC, 2008
10 "SIMATIC NET Profibus Network Manual", SIEMENS
11 "SMQ320C32 Digital Signal Processor", Texas Instrument
12 NIST Special Publication 800-53 Rev.3, "Recommended Security Controls for Federal Information Systems and Organizations", NIST, 2009
13 "W32.Duqu", Symantec, 2011
14 "W32.Stuxnet Dossier", Symantec, 2011