http://dx.doi.org/10.1016/j.net.2016.11.004

Cyber Security Risk Evaluation of a Nuclear I&C Using BN and ET  

Shin, Jinsoo (Department of Nuclear Engineering, Kyung Hee University)
Son, Hanseong (Computer and Game Science, Joongbu University)
Heo, Gyunyoung (Department of Nuclear Engineering, Kyung Hee University)
Publication Information
Nuclear Engineering and Technology / v.49, no.3, 2017, pp. 517-524
Abstract
Cyber security is an important issue in the field of nuclear engineering because nuclear facilities use digital equipment and digital systems that can lead to serious hazards in the event of an accident. Regulatory agencies worldwide have announced guidelines for cyber security related to nuclear issues, including U.S. NRC Regulatory Guide 5.71. It is important to evaluate cyber security risk in accordance with these regulatory guides. In this study, we propose a cyber security risk evaluation model for nuclear instrumentation and control systems using a Bayesian network and event trees. As it is difficult to perform penetration tests on the systems, the evaluation model can inform research on cyber threats to cyber security systems for nuclear facilities through the use of prior and posterior information and backpropagation calculations. Furthermore, we suggest a methodology for the application of analytical results from the Bayesian network model to an event tree model, which is a probabilistic safety assessment method. The proposed method will provide insight into safety and cyber security risks.
Keywords
Activity-Quality; Architecture Analysis; Bayesian Network; Cyber Security; Reactor Protection System; Research Reactor