• Nuclear industry
• /
• v.36 no.11
• /
• pp.45-52
• /
• 2016

사이버 공격으로부터 원자력 시설을 보호하기 위해 동원되는 갖가지 안전 대책을 다루고 있는 문건은 상당히 많다. 스파이 소설에 나오는 것 같은 사이버 보안상의 공격과 그 방어 전략에 대한 관련 기관들의 검토도 끊임없이 지속되고 있다. 그러나 이제는 원전사업체들도 발생이 가능한 모든 복합적인 위협은 물론 직접적인 사이버 공격을 고려해서 자체적인 대비책을 강구할 필요가 있다.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2020.05a
• /
• pp.292-294
• /
• 2020

원자력 발전소의 계측제어시스템에 디지털 관련 기술이 적용되면서 사이버보안 위협이 증가하였고, 이에 따라 사이버보안 위협의 대응은 중요한 현안이 되었다. 하지만, 실제 운영중인 원자력 발전소에 침투 시험은 불가능하기 때문에 테스트베드를 구축 및 활용하여 사이버보안 위협을 분석해야 한다. 계측제어시스템의 비안전계통은 디지털 기반의 제어기기와 통신망이 사용되기 때문에 안전계통보다 많은 사이버보안 취약점이 존재한다. 본 연구에서는 비안전계통인 다양성보호계통을 위한 테스트베드의 구성과 취약점 확인을 위한 공격, 그리고 대처 방안에 대해 논의한다.

• Proceedings of the Korean Information Science Society Conference
• /
• 2012.06d
• /
• pp.354-356
• /
• 2012

최근, 원전 디지털 계측제어 시스템에서의 다양한 사이버 공격이 보고되고 있다. 이러한 사이버 위협에 대응하기 위해, 원자력 산업분야에서는 여러 규제 요건들을 소개하고 있으나, 이러한 규제 요건을 만족하기 위한 효율적인 개발 과정에 대한 연구 또는 가이드는 제시되지 않고 있어서 원전 설계 및 개발에서 혼란과 어려움이 가중되고 있다. 이 논문은 사이버보안 대응을 위한 중요 규제지침을 종합적으로 분석하여 효율적인 원전 계측제어 시스템 개발 과정을 제안하고 있다.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.25 no.3
• /
• pp.639-648
• /
• 2015

SInce 2000, Instrumentation and Control(I&C) systems of Nuclear Power Plant(NPP) based on analog technology began to be applied to the digital technology. NPPs under construction in the country with domestic APR1400 I&C system, most devices were digitalized. Cyber security of NPP I&C systems has emerged as an important issue because digital devices compared to the existing analog equipment are vulnerable to cyber attacks. In this paper, We proposed the risk rating process of cyber security threats in NPP I&C system and applied the proposed process to the Reactor Protection System(RPS) developed through Korea Nuclear Instrumentation & Control System(KINCS) project for evaluating the risk of cyber security threats.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.23 no.3
• /
• pp.471-478
• /
• 2013

Industrial control system was designed mainly in the form of analog in early days. However, necessity of digital system engineering is increasing recently because systems become complicated. Consequently, stability of digital systems is improved so most industrial control systems are designed with digital. Because Using digital design of Industrial control system is expanded, various threatening possibilities such as penetration or destruction of systems are increasing enormously. Domestic and overseas researchers accordingly make a multilateral effort into risk analysis and preparing countermeasures. In this paper, this report chooses common security requirement in industrial control system and nuclear control system through relevant guidelines analysis. In addition, this report suggests the development plan of nuclear cyber security system which will be an essential ingredient of planning approvals.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.34 no.3
• /
• pp.537-552
• /
• 2024

Domestic nuclear power plants operate under the establishment of the "Information System Security Regulations" in accordance with the Nuclear Safety Act, introducing and implementing a cybersecurity system that encompasses organizational structure as well as technical, operational, and managerial security measures for assets. Despite attempts such as phased approaches and alternative measures for physical protection systems, the reduction in managed items has not been achieved, leading to an increased burden on security capabilities due to limited manpower at the site. In the main text, an analysis is conducted on Type A1 assets performing nuclear safety functions using Maintenance Rules (MR) and EPRI Technical Assessment Methodology (TAM) from both a maintenance perspective and considering device characteristics. Through this analysis, approaches to re-evaluate the impact of cyber intrusions on asset functionality are proposed.

• Nuclear industry
• /
• v.35 no.5
• /
• pp.2-3
• /
• 2015

• Asia-pacific Journal of Multimedia Services Convergent with Art, Humanities, and Sociology
• /
• v.8 no.4
• /
• pp.285-296
• /
• 2018

Among many hacking attempts carried out in the past few years, the cyber-attacks that could have caused a national-level disaster were the attacks against nuclear facilities including nuclear power plants. The most typical one was the Stuxnet attack against Iranian nuclear facility and the cyber threat targeting one of the facilities operated by Korea Hydro and Nuclear Power Co., Ltd (Republic of Korea; ROK). Although the latter was just a threat, it made many Korean people anxious while the former showed that the operation of nuclear plant can be actually stopped by direct cyber-attacks. After these incidents, the possibility of cyber-attacks against industrial control systems has become a reality and the security for these systems has been tightened based on the idea that the operations by network-isolated systems are no longer safe from the cyber terrorism. The ROK government has established a realistic control systems defense concept and in the US, the relevant authorities have set up several security frameworks to prepare for the threats. This paper presented various cyber security attack cases and their scenarios against control systems, along with the analysis of countermeasures for them. Though this task, we attempt to identify the items that need to be considered when designing a domestic security framework to improve security and secure stability.

• KIPS Transactions on Computer and Communication Systems
• /
• v.2 no.12
• /
• pp.561-568
• /
• 2013

Instrumentation and control system in nuclear power plant performs protecting, controling and monitoring safety operation of Nuclear Power Plant. As cyber attack to the control equipment of instrumentation and control system can cause reactor shutdown and radiation release, it is required to design the instrumentation and control system considering cyber security in accordance with regulatory guides and industrial standards. In this paper, we proposed a design method of uni-directional communication structure which is required in the design of defense-in-depth model according to regulatory guides and industrial standards and we implemented a communication board with the proposed method. This communication board was tested in various test environments and test items and we concluded it can provide uni-directional communication structure required to design of defense-in-depth model against cyber attack by analyzing the results. The proposed method and implemented communication board were applied in the design of SMART (system-integrated modular advanced reactor) I&C (instrumentation and control) systems.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.29 no.5
• /
• pp.1077-1088
• /
• 2019

As the cyber threats of nuclear power plants become more necessary to systematically prepare against the cyber attack, the international community and the domestic government are urged to apply proper security controls for Critical Digital Assets (CDA) through cyber security regulatory guidelines. In this study, we suggests the application of security controls to develop the regulatory requirements of the graded approach through the analysis of domestic and foreign cyber security regulation guidelines and best practices for digital assets directly related to nuclear accidents. In order to apply the regulatory requirements based on the consequence(impact of infringement) of the regulated facility, which is a basic consideration of the graded approach, we will classify two methods and describe details of each method. By reanalyzing existing security controls, it is introduced that the method of demanding digital assets directly related to accident to enhance security controls required for existing CDA or develop additional security controls and requiring minimum security controls for CDA that are not directly related to accident.