Browse > Article
http://dx.doi.org/10.13067/JKIECS.2011.6.6.839

Digital Asset Analysis Methodology against Cyber Threat to Instrumentation and Control System in Nuclear Power Plants  

Koo, In-Soo (한국원자력연구원)
Kim, Kwan-Woong (한국원자력연구원)
Hong, Seok-Boong (한국원자력연구원)
Park, Geun-Ok (한국원자력연구원)
Park, Jae-Yoon (한국원자력연구원)
Publication Information
The Journal of the Korea institute of electronic communication sciences / v.6, no.6, 2011 , pp. 839-847 More about this Journal
Abstract
Instrumentation & Control(I&C) System in NPP(Nuclear Power Plant) plays a important role as the brain of human being, it performs protecting, controling and monitoring safety operation of NPP. Recently, the I&C system is digitalized as digital technology such as PLC, DSP, FPGA. The different aspect of digital system which use digital communication to analog system is that it has potential vulnerability to cyber threat in nature. Possibility that digital I&C system is defected by cyber attack is increasing day by day. The result of cyber attack can be adverse effect to safety function in NPP. Therefore, I&C system required cyber security counter-measures that protect themselves from cyber threat efficiently and also cyber security design should be taken into consideration at concept stage in I&C system development process. In this study, we proposed the digital asset analysis method for cyber security assessment of I&C system design in NPP and we performed digital asset analysis of I&C system by using the proposed method.
Keywords
I&C; Cyber security; Asset Identification; Asset Valuation; Asset Analysis Method;
Citations & Related Records
Times Cited By KSCI : 2  (Citation Analysis)
연도 인용수 순위
1 D. Dzung, M. Naedele, T. Von Hoff, and M. Crevatin, "Security for industrial communication systems," Proc. IEEE, Vol. 93, No. 6, pp. 1152 - 1177, Jun., 2005.   DOI
2 G. Ericsson, "Information security for electric power utilities (EPUs)-CIGRE developments on frameworks, risk assessment, and technology," IEEE Trans. Power Del., Vol. 24, No. 3, pp. 1174 - 1181, Jul., 2009.   DOI
3 Robert J. Turk, "Cyber Incidents Involving Control Systems", INL/EXT-05-00671, Oct., 2005.
4 Symantec Security Respon se, "W32.Stuxnet Dossier", Rev. 1.4, Feb., 2011.
5 Symantec Security Response, "W32.Duqu The precursor to the next stuxnet", Rev. 1.2, Oct., 2011.
6 ISO/IEC 27005, "Information Technology - Security Techniques - Information Security Risk Management", 2008.
7 Regulatory Guide 5.71, "Cyber Security Programs for Nuclear Facilities", US-NRC, 2010.
8 IAEA, IAEA Nuclear Security Series No.XX, "Computer Security at Nuclear Facilities", Draft version, 2010.
9 Gary Stoneburner, Alice Goguen, and Alexis Firnga, "Risk Management Guide for Information Technology Systems", NIST, Jul., 2002.
10 서우석, 전문석, "스마트그리드(Smart Grid) 전력망과 정보통신망 융합 보안 방향", 한국전자통신학회논문지, 5권, 5호, pp. 477-486, 2010.
11 차인환, "내부 정보보호를 위한 인원보안 관리 방안 연구", 한국전자통신학회논문지, 3권, 4호, pp. 210-220, 2008.