http://dx.doi.org/10.13089/JKIISC.2019.29.6.1425

Research of Cyber Security Function Test Method for Digital I&C Device in Nuclear Power Plants  

Song, Jae-gu (Korea Atomic Energy Research Institute)
Shin, Jin-soo (Korea Atomic Energy Research Institute)
Lee, Jung-woon (Korea Atomic Energy Research Institute)
Lee, Cheol-kwon (Korea Atomic Energy Research Institute)
Choi, Jong-gyun (Korea Atomic Energy Research Institute)
Abstract
The expanded application of digital controls has raised the issue of cyber security for nuclear facilities. To cope with this, the cyber security technical standard RS-015 for Korean nuclear facilities requires nuclear system developers to apply security functions, analyze known vulnerabilities, and test and evaluate security functions. This requires the development of procedures and methods for testing the suitability of security functions in accordance with the nuclear cyber security technical standards. This study derived the device-level security requirements by classifying the details of the technical, operational and administrative security controls of RS-015, and developed procedures and methods to test whether the security functions implemented in a device meet those requirements. This paper describes the process for developing security function compliance test procedures and methods and presents the developed test cases.
Keywords
Security Test; Digital I&C; Nuclear Power Plant