• Convergence Security Journal
• /
• v.17 no.3
• /
• pp.73-81
• /
• 2017

In April 2009, in the wake of President Obama's Prague speech, the international community held four nuclear sec urity summits from 2010 to 2016 to promote nuclear security and prevent nuclear terrorism. The Nuclear Security S ummit has made significant progress in preventing terrorists from attempting to acquire nuclear weapons or fissile materials, but it still has limitations and problems. To solve this problem, the international community should resume the joint efforts for strengthening bilateral cooperation and multilateral nuclear security regime, and the participating countries should strive to protect their own nuclear materials and fulfill their commitments to secure nuclear facilitie s. Second, the United Nations(UN), the IAEA(International Atomic Energy Agency), International Criminal Police Or ganization(INTERPOL), the Global Initiative to Combat Nuclear Terrorism(GICNT), and the Global Partnership(G P) must continue their missions to promote nuclear security in accordance with the five action plans adopted at the Fourth Nuclear Security Summit. Third, the participating countries should begin discussions on the management and protection of military nuclear materials that could not be covered by the Nuclear Security Summit. Fourth, the intern ational community must strive to strengthen the implementation of the Convention on the Physical Protection of Nuc lear Material(CPPNM) Amendment and International Convention for the Suppression of Acts of Nuclear Terrori sm(ICSANT), prepare for cyber attacks against nuclear facilities, and prevent theft, illegal trading and sabotage invo lving nuclear materials.

• Nuclear Engineering and Technology
• /
• v.53 no.5
• /
• pp.1479-1482
• /
• 2021

Research reactors are typically well-suited for outreach activities at different levels. However, unplanned seeking to increase the utilization of a research reactor may result in weakening the nuclear security of this facility. Research reactor staff might be in shortage of a functional nuclear security culture; specifically, there might be a conviction that the necessities of research can be given the priority over consistence with security procedural requirements. Research reactors are usually parts of bigger institutes or research labs of different activities. Moreover, the employments of research reactors are usually with the purpose that easy entry to the reactor premises is fundamental. So, they could be co-situated in places with different sorts of activities, mostly under similar security arrangements. The co-area of research reactor offices among different kinds of research labs introduces explicit security issues, the effects of which should be viewed as when building up a nuclear security framework. Notwithstanding potential security vulnerabilities presented in the design, research reactors frequently have devices kept promptly accessible to encourage research and education. The accessibility of these sorts of hardware could be used by an authorized person to commit an unapproved activity or cause harm. This paper aims to present insights to compromise contradicting conditions in new research reactors in which both enhancing utilization and ensuring security are satisfied.

• Journal of the Korea Academia-Industrial cooperation Society
• /
• v.11 no.9
• /
• pp.3451-3457
• /
• 2010

Cyber security assessment is the process of determining how effectively an entity being assessed meets specific cyber security objectives. Cyber security assessment helps to measure the degree of confidence one has and to identify that the managerial, technical and operational measures work as intended to protect the I&C systems and the information it processes. Recently, needs for cyber security on digitalized nuclear I&C systems are increased. However the overall cyber security program, including cyber security assessment, is not established on those systems. This paper presents the methodology of cyber security assessment which is appropriate for nuclear I&C systems. This methodology provides the qualitative assessments that may formulate recommendations to bridge the security risk gap through the incorporated criteria. This methodology may be useful to the nuclear organizations for assessing the weakness and strength of cyber security on nuclear I&C systems. It may be useful as an index to the developers, auditors, and regulators for reviewing the managerial, operational and technical cyber security controls, also.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.29 no.6
• /
• pp.1425-1435
• /
• 2019

The expanded application of digital controls has raised the issue of cyber security for nuclear facilities. To cope with this, the cyber security technical standard RS-015 for Korean nuclear facilities requires nuclear system developers to apply security functions, analyze known vulnerabilities, and test and evaluate security functions. This requires the development of procedures and methods for testing the suitability of security functions in accordance with the nuclear cyber security technical standards. This study derived the security requirements required at the device level by classifying the details of the technical, operational and administrative security controls of RS-015 and developed procedures and methods to test whether the security functions implemented in the device meet the security requirements. This paper describes the process for developing security function compliance test procedures and methods and presents the developed test cases.

• Nuclear Engineering and Technology
• /
• v.44 no.8
• /
• pp.919-928
• /
• 2012

The applications of computers and communication system and network technologies in nuclear power plants have expanded recently. This application of digital technologies to the instrumentation and control systems of nuclear power plants brings with it the cyber security concerns similar to other critical infrastructures. Cyber security risk assessments for digital instrumentation and control systems have become more crucial in the development of new systems and in the operation of existing systems. Although the instrumentation and control systems of nuclear power plants are similar to industrial control systems, the former have specifications that differ from the latter in terms of architecture and function, in order to satisfy nuclear safety requirements, which need different methods for the application of cyber security risk assessment. In this paper, the characteristics of nuclear power plant instrumentation and control systems are described, and the considerations needed when conducting cyber security risk assessments in accordance with the lifecycle process of instrumentation and control systems are discussed. For cyber security risk assessments of instrumentation and control systems, the activities and considerations necessary for assessments during the system design phase or component design and equipment supply phase are presented in the following 6 steps: 1) System Identification and Cyber Security Modeling, 2) Asset and Impact Analysis, 3) Threat Analysis, 4) Vulnerability Analysis, 5) Security Control Design, and 6) Penetration test. The results from an application of the method to a digital reactor protection system are described.

• Nuclear Engineering and Technology
• /
• v.55 no.6
• /
• pp.2034-2046
• /
• 2023

Industrial control systems in nuclear facilities are facing increasing cyber threats due to the widespread use of information and communication equipment. To implement cyber security programs effectively through the RG 5.71, it is necessary to quantitatively assess cyber risks. However, this can be challenging due to limited historical data on threats and customized Critical Digital Assets (CDAs) in nuclear facilities. Previous works have focused on identifying data flows, the assets where the data is stored and processed, which means that the methods are heavily biased towards information security concerns. Additionally, in nuclear facilities, cyber threats need to be analyzed from a safety perspective. In this study, we use the system theoretic process analysis to identify system-level threat scenarios that could violate safety constraints. Instead of quantifying the likelihood of exploiting vulnerabilities, we quantify Security Control Measures (SCMs) against the identified threat scenarios. We classify the system and CDAs into four consequence-based classes, as presented in NEI 13-10, to analyze the adversary impact on CDAs. This allows for the ranking of identified threat scenarios according to the quantified SCMs. The proposed framework enables stakeholders to more effectively and accurately rank cyber risks, as well as establish security and response strategies.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2015.04a
• /
• pp.449-451
• /
• 2015

When cyber attacks are discovered in nuclear facilities, licensees are required to notify regulatory organizations for quick action. This also helps regulatory organizations to strengthen regulatory capabilities for cyber security. Currently the U.S. issued the final draft rule for Cyber Security Event Notifications. Domestic regulatory activities being at an early stage for cyber security need to implement law for Cyber Security Event Notifications. Since the current laws are focused on the aspect of safety, they are in need of more specific laws for cyber security.

• Nuclear Engineering and Technology
• /
• v.49 no.8
• /
• pp.1610-1616
• /
• 2017

To validate the new Evaluated Nuclear Data File $(ENDF)/B-VIII.0{\beta}4$ library, 31 different critical cores were selected and used for a benchmark test of the important parameter keff. The four utilized libraries are processed using Nuclear Data Processing Code (NJOY2016). The results obtained with the $ENDF/B-VIII.0{\beta}4$ library were compared against those calculated with ENDF/B-VI.8, ENDF/B-VII.0, and ENDF/B-VII.1 libraries using the Monte Carlo N-Particle (MCNP(X)) code. All the MCNP(X) calculations of keff values with these four libraries were compared with the experimentally measured results, which are available in the International Critically Safety Benchmark Evaluation Project. The obtained results are discussed and analyzed in this paper.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.29 no.4
• /
• pp.867-875
• /
• 2019

Security awareness and training are becoming more important as cyber security incidents tend to increase in industrial control systems, including nuclear power plants. For effective cyber security awareness and training for the personnel who manage and operate the target facility, a TEST-BED is required that can analyze the impact of cyber attacks from the sensor level to the operation status of the nuclear power plant. In this paper, we have developed an HIL system for nuclear power plant cyber security training. It includes nuclear power plant status simulations and specific system status simulation together with physical devices. This research result will be used for the specialized cyber security training program for Korean nuclear facilities.

• Proceedings of the KIEE Conference
• /
• 2008.10b
• /
• pp.209-210
• /
• 2008

In the case of unauthorized individuals, systems and entities or process threatening the instrumentation and control systems of nuclear facilities using the intrinsic vulnerabilities of digital based technologies, those systems may lose their own required functions. The loss of required functions of the critical systems of nuclear facilities may seriously affect the safety of nuclear facilities. Consequently, digital instrumentation and control systems, which perform functions important to safety, should be designed and operated to respond to cyber threats capitalizing on the vulnerabilities of digital based technologies. To make it possible, the developers and licensees of nuclear facilities should perform appropriate cyber security program throughout the whole life cycle of digital instrumentation and control systems. Under the goal of securing the safety of nuclear facilities, this paper presents the KINS' regulatory position on cyber security program to remove the cyber threats that exploit the vulnerabilities of digital instrumentation and control systems and to mitigate the effect of such threats. Presented regulatory position includes establishing the cyber security policy and plan, analyzing and classifying the cyber threats and cyber security assessment of digital instrumentation and control systems.