• 제목/요약/키워드: Nuclear security

검색결과 402건 처리시간 0.034초

원전 계측제어시스템의 사이버보안 요구사항 (Introduction of Requirements and Regulatory Guide on Cyber Security of I&C Systems in Nuclear Facilities)

  • 강영두;정충희;정길도
    • 대한전기학회:학술대회논문집
    • /
    • 대한전기학회 2008년도 학술대회 논문집 정보 및 제어부문
    • /
    • pp.209-210
    • /
    • 2008
  • In the case of unauthorized individuals, systems and entities or process threatening the instrumentation and control systems of nuclear facilities using the intrinsic vulnerabilities of digital based technologies, those systems may lose their own required functions. The loss of required functions of the critical systems of nuclear facilities may seriously affect the safety of nuclear facilities. Consequently, digital instrumentation and control systems, which perform functions important to safety, should be designed and operated to respond to cyber threats capitalizing on the vulnerabilities of digital based technologies. To make it possible, the developers and licensees of nuclear facilities should perform appropriate cyber security program throughout the whole life cycle of digital instrumentation and control systems. Under the goal of securing the safety of nuclear facilities, this paper presents the KINS' regulatory position on cyber security program to remove the cyber threats that exploit the vulnerabilities of digital instrumentation and control systems and to mitigate the effect of such threats. Presented regulatory position includes establishing the cyber security policy and plan, analyzing and classifying the cyber threats and cyber security assessment of digital instrumentation and control systems.

  • PDF

Modeling cryptographic algorithms validation and developing block ciphers with electronic code book for a control system at nuclear power plants

  • JunYoung Son;Taewoo Tak;Hahm Inhye
    • Nuclear Engineering and Technology
    • /
    • 제55권1호
    • /
    • pp.25-36
    • /
    • 2023
  • Nuclear power plants have recognized the importance of nuclear cybersecurity. Based on regulatory guidelines and security-related standards issued by regulatory agencies around the world including IAEA, NRC, and KINAC, nuclear operating organizations and related systems manufacturing organizations, design companies, and regulatory agencies are considering methods to prepare for nuclear cybersecurity. Cryptographic algorithms have to be developed and applied in order to meet nuclear cybersecurity requirements. This paper presents methodologies for validating cryptographic algorithms that should be continuously applied at the critical control system of I&C in NPPs. Through the proposed schemes, validation programs are developed in the PLC, which is a critical system of a NPP's I&C, and the validation program is verified through simulation results. Since the development of a cryptographic algorithm validation program for critical digital systems of NPPs has not been carried out, the methodologies proposed in this paper could provide guidelines for Cryptographic Module Validation Modeling for Control Systems in NPPs. In particular, among several CMVP, specific testing techniques for ECB mode-based block ciphers are introduced with program codes and validation models.

원전 사이버보안 체계 개발 방안에 대한 연구 (development plan of nuclear cyber security system)

  • 한경수;이강수
    • 정보보호학회논문지
    • /
    • 제23권3호
    • /
    • pp.471-478
    • /
    • 2013
  • 산업제어시스템은 초기에 주로 아날로그 형태로 구축되었다. 그러나 산업발전에 따라 운영에 필요한 센서들이 증가하면서 시스템이 복잡해지고 정밀함이 요구되어 디지털 설계의 필요성이 높아졌다. 그런 필요성에 발맞추어 디지털 시스템들의 안정성은 크게 향상되었고, 최근에는 원전을 포함한 대부분의 제어시스템들이 디지털로 설계되고 있다. 산업제어시스템의 디지털 활용이 점차 개방화 표준화되면서 잠재적인 사이버 위협세력에 의한 제어시스템 침투 및 파괴 가능성이 매우 높아졌다. 이에 따라 국내 외에서는 위협의 식별과 효과적인 대책마련을 위하여 다양한 노력을 기울이고 있다. 본 논문은 관련지침 분석을 통해 제어시스템과 원전제어시스템의 공통되는 보안요구사항을 취하고, 향후 원전 인 허가 요건으로 필수적인 원전 사이버보안 체계 개발방안을 제안한다.

원자력시설의 필수디지털자산에 대한 기술적 보안조치항목에 대한 연구 (A Study on the Implementation of Technical Security Control for Critical Digital Asset of Nuclear Facilities)

  • 최윤혁;이상진
    • 정보보호학회논문지
    • /
    • 제29권4호
    • /
    • pp.877-884
    • /
    • 2019
  • 기술발전에 따라 원자력시설에 사용되는 장비가 아날로그 시스템에서 디지털 시스템으로 변경되는 추세이다. 컴퓨터와 디지털시스템의 비율이 증가함에 따라 원자력시설은 사이버 위협에 노출되었다. 그 결과 사이버보안에 대한 관심이 높아지고 사이버 공격으로부터 시스템을 보호해야 한다는 인식의 변화가 생겼다. 국내 규제기관에서 발행한 KINAC/RS-015는 필수디지털자산에 대해 101가지 사이버보안 통제항목을 제시하였지만 디지털자산의 특성을 고려하지 않은 일반적인 항목이다. 모든 사이버보안 통제항목을 필수디지털자산에 적용하는 것은 많은 작업량과 효율성을 떨어뜨린다. 본 논문에서는 필수디지털자산의 특성을 파악하고 적절한 보안조치항목을 제시함으로써 효과적인 사이버 보안 통제항목 적용을 제안한다.

Challenges in nuclear energy adoption: Why nuclear energy newcomer countries put nuclear power programs on hold?

  • Philseo Kim;Hanna Yasmine;Man-Sung Yim;Sunil S. Chirayath
    • Nuclear Engineering and Technology
    • /
    • 제56권4호
    • /
    • pp.1234-1243
    • /
    • 2024
  • The pressing need to mitigate greenhouse gas emissions has stimulated a renewed interest in nuclear energy worldwide. However, while numerous countries have shown interest in nuclear power over the course of history, many of them have not continued their pursuit and chosen to defer or abandon their peaceful nuclear power projects. Scrapping a national nuclear power program after making initial efforts implies significant challenges in such a course or a waste of national resources. Therefore, this study aims to identify the crucial factors that influence a country's decision to terminate or hold off its peaceful nuclear power programs. Our empirical analyses demonstrate that major nuclear accidents and leadership changes are significant factors that lead countries to terminate or defer their nuclear power programs. Additionally, we highlight that domestic politics (democracy), lack of military alliance with major nuclear suppliers, low electricity demand, and national energy security environments (energy import, crude oil price) can hamper a country's possibility of regaining interest in a nuclear power program after it has been scrapped, suspended, or deferred. The findings of this study have significant implications for policymakers and stakeholders in the energy sector as they strive to balance the competing demands of energy security, and environmental sustainability.

핵·원자력 공공외교: 새로운 영역으로의 확장 가능성 (Nuclear·Atomic Public Diplomacy: The Possibility of Expanding Toward New Issue Area)

  • 이한형
    • Journal of Public Diplomacy
    • /
    • 제3권1호
    • /
    • pp.43-63
    • /
    • 2023
  • 목적: 핵·원자력 분야는 전통적으로 정무외교·경제외교 영역에 속했다. 핵확산 문제는 사안의 중대성과 국제안보에 미치는 심각성, 강대국과 비확산레짐의 영향력 등을 고려했을 때 당연히 국가 간 해결해야 할 문제였고, 원자력 에너지 산업도 예산과 인력, 사업의 규모 등을 고려했을 때 경제적 관점에서 접근했던 것이다. 따라서 본 연구의 목적은 기존의 관점에서 탈피하여 공공외교가 핵·원자력이라는 새로운 영역으로 확장될 수 있는지 그 가능성을 살펴보는 것이다. 방법: 이를 위해 핵·원자력 분야에서 한국의 위치가 가지는 특수성을 살펴보고 공공외교의 특성과 비교하여 상호 중첩되는 영역이 있는지 분석한다. 결과: 핵·원자력 이슈에 관한 한국의 특수성, 공공외교와의 중첩 등을 고려했을 때 해당 분야에 대한 공공외교의 영역 확장과 역할 확대는 가능할 것으로 보인다. 특히, 국가의 주도적 역할이 필요하다는 점과 한국의 안보 및 경제 구조를 고려했을 때 지속적인 정책적 수요가 있다는 점에서 그러하다. 실제로 카이스트 핵비확산교육연구센터(KAIST NEREC)에서는 하계장학생프로그램(Summer Fellows Program) 운영을 통해 핵·원자력 분야의 공공외교를 펼치고 있으며, 상당한 성과를 거두고 있는 것으로 평가된다. 결론: 따라서 본 논문에서는 전통적으로 정무외교, 정상외교, 경제외교의 관점에서 접근해왔던 핵·원자력 이슈에 대해 공공외교의 역할 증진 가능성을 높게 평가하고 이와 유사한 공공외교 활동들에 대한 예산 지원, 프로그램 및 인력 확대가 필요함을 강조한다. 이를 통해 한국의 핵정책과 원자력 산업이 국제사회의 지지를 얻고 한국의 국익 향상에 도움이 될 것으로 기대된다.

AN ANALYSIS OF TECHNICAL SECURITY CONTROL REQUIREMENTS FOR DIGITAL I&C SYSTEMS IN NUCLEAR POWER PLANTS

  • Song, Jae-Gu;Lee, Jung-Woon;Park, Gee-Yong;Kwon, Kee-Choon;Lee, Dong-Young;Lee, Cheol-Kwon
    • Nuclear Engineering and Technology
    • /
    • 제45권5호
    • /
    • pp.637-652
    • /
    • 2013
  • Instrumentation and control systems in nuclear power plants have been digitalized for the purpose of maintenance and precise operation. This digitalization, however, brings out issues related to cyber security. In the most recent past, international standard organizations, regulatory institutes, and research institutes have performed a number of studies addressing these systems cyber security.. In order to provide information helpful to the system designers in their application of cyber security for the systems, this paper presents methods and considerations to define attack vectors in a target system, to review and select the requirements in the Regulatory Guide 5.71, and to integrate the results to identify applicable technical security control requirements. In this study, attack vectors are analyzed through the vulnerability analyses and penetration tests with a simplified safety system, and the elements of critical digital assets acting as attack vectors are identified. Among the security control requirements listed in Appendices B and C to Regulatory Guide 5.71, those that should be implemented into the systems are selected and classified in groups of technical security control requirements using the results of the attack vector analysis. For the attack vector elements of critical digital assets, all the technical security control requirements are evaluated to determine whether they are applicable and effective, and considerations in this evaluation are also discussed. The technical security control requirements in three important categories of access control, monitoring and logging, and encryption are derived and grouped according to the elements of attack vectors as results for the sample safety system.

Application of STPA-SafeSec for a cyber-attack impact analysis of NPPs with a condensate water system test-bed

  • Shin, Jinsoo;Choi, Jong-Gyun;Lee, Jung-Woon;Lee, Cheol-Kwon;Song, Jae-Gu;Son, Jun-Young
    • Nuclear Engineering and Technology
    • /
    • 제53권10호
    • /
    • pp.3319-3326
    • /
    • 2021
  • As a form of industrial control systems (ICS), nuclear instrumentation and control (I&C) systems have been digitalized increasingly. This has raised in turn cyber security concerns. Cyber security for ICS is important because cyber-attacks against ICS can cause not only equipment damage and loss of production but also personal and public safety hazards unlike in general IT environments. Numerous risk analyses have been carried out to enhance the safety of ICS and recently, many studies related to the cyber security of ICS are being conducted. Many existing risk analyses and cyber security studies have considered safety and cyber security separately. However, both safety and cyber security perspectives should be considered when analyzing risks for complex and critical ICS facilities such as nuclear power plants (NPPs). In this paper, the STPA-SafeSec methodology is selected to consider both safety and security perspectives when performing a risk analysis for NPPs in order to assess impacts on the safety by cyber-attacks against the digital I&C systems. The STPA-SafeSec methodology was applied to a test-bed system that simulates a condensate water (CD) system in an NPP. The process of the application up to the development of mitigation strategies is described in detail.

An inter-comparison between ENDF/B-VIII.0-NECP-Atlas and ENDF/B-VIII.0-NJOY results for criticality safety benchmarks and benchmarks on the reactivity temperature coefficient

  • Kabach, Ouadie;Chetaine, Abdelouahed;Benchrif, Abdelfettah;Amsil, Hamid
    • Nuclear Engineering and Technology
    • /
    • 제53권8호
    • /
    • pp.2445-2453
    • /
    • 2021
  • Since the nuclear data forms a vital component in reactor physics computations, the nuclear community needs processing codes as tools for translating the Evaluated Nuclear Data Files (ENDF) to simulate nuclear-related problems such as an ACE format that is used for MCNP. Errors, inaccuracies or discrepancies in library processing may lead to a calculation that disagrees with the experimentally measured benchmark. This paper provides an overview of the processing and preparation of ENDF/B-VIII.0 incident neutron data with NECP-Atlas and NJOY codes for implementation in the MCNP code. The resulting libraries are statistically inter-compared and tested by conducting benchmark calculations, as the mutualcomparison is a source of strong feedback for further improvements in processing procedures. The database of the benchmark experiments is based on a selection taken from the International Handbook of Evaluated Criticality Safety Benchmark Experiments (ICSBEP handbook) and those proposed by Russell D. Mosteller. In general, there is quite good agreement between the NECP-Atlas1.2 and NJOY21(1.0.0.json) results with no substantial differences, if the correct input parameters are used.