Nuclear Engineering and Technology

Korean Nuclear Society (한국원자력학회)
권호 표지
DOI QR코드

DOI QR Code

Cyber Security Risk Evaluation of a Nuclear I&C Using BN and ET

  • Shin, Jinsoo (Department of Nuclear Engineering, Kyung Hee University) ;
  • Son, Hanseong (Computer and Game Science, Joongbu University) ;
  • Heo, Gyunyoung (Department of Nuclear Engineering, Kyung Hee University)
  • Received : 2016.07.06
  • Accepted : 2016.11.08
  • Published : 2017.06.25
Download PDF
⟨ Previous Next ⟩

Abstract

Cyber security is an important issue in the field of nuclear engineering because nuclear facilities use digital equipment and digital systems that can lead to serious hazards in the event of an accident. Regulatory agencies worldwide have announced guidelines for cyber security related to nuclear issues, including U.S. NRC Regulatory Guide 5.71. It is important to evaluate cyber security risk in accordance with these regulatory guides. In this study, we propose a cyber security risk evaluation model for nuclear instrumentation and control systems using a Bayesian network and event trees. As it is difficult to perform penetration tests on the systems, the evaluation model can inform research on cyber threats to cyber security systems for nuclear facilities through the use of prior and posterior information and backpropagation calculations. Furthermore, we suggest a methodology for the application of analytical results from the Bayesian network model to an event tree model, which is a probabilistic safety assessment method. The proposed method will provide insight into safety and cyber security risks.

Keywords

References

  1. B. Miller, D. Rowe, A survey SCADA of and critical infrastructure incidents, Conference on Information Technology Education, Canada, 2012, p. 1-6.
  2. S. Collins, S. McCombie, Stuxnet: the emergence of a new cyber weapon and its implications, J. Policing Intell. Counter Terrorism 7 (2012) 80-91, http://dx.doi.org/10.1080/18335330.2012.653198.
  3. U.S. NRC [Internet], Regulatory Guide 5.71, Cyber Security Programs for Nuclear Facilities, 2010. Available from: http://nrc-stp.ornl.gov/slo/regguide571.pdf.
  4. U.S. NRC [Internet], Regulatory Guide 1.152, Revision 2, Criteria for Use of Computers in Safety Systems of Nuclear Power Plants, 2006. Available from: http://pbadupws.nrc.gov/docs/ML0530/ML053070150.pdf.
  5. U.S. NRC [Internet], Regulatory Guide 1.152, Revision 3, Criteria for Use of Computers in Safety Systems of Nuclear Power Plants, 2011. Available from: http://pbadupws.nrc.gov/docs/ML1028/ML102870022.pdf.
  6. IEEE, IEEE Std 7-4.3.2-2010-IEEE standard criteria for digital computers in safety systems of nuclear power generating stations, 2010. http://dx.doi:10.1109/IEEESTD.2010.5542302.
  7. Korea Institute of Nuclear Safety, KINAC/RS-015, Regulatory Standard on Cyber Security for Computer and Information System of Nuclear Facilities, 2014.
  8. J.G. Song, J.W. Lee, C.K. Lee, K.C. Kwon, D.Y. Lee, A cyber security risk assessment for the design of I&C systems in nuclear power plants, Nucl. Eng. Technol 44 (2012) 919-928, http://dx.doi.org/10.5516/NET.04.2011.065.
  9. J. Shin, H. Son, R. Khalil, G. Heo, Development of a cyber security risk model using Bayesian networks, Reliab. Eng. Syst. Saf 134 (2015) 208-217. https://doi.org/10.1016/j.ress.2014.10.006
  10. J.M. Bernardo, Reference posterior distributions for Bayesian inference, J. R. Stat. Soc. Ser. B (Methodol.) 41 (1979) 113-147.
  11. C.K. Park, J. Ha, Probabilistic Safety Assessment, Brain Korea, Seoul, 2003.
  12. J. Shin, G. Heo, H.G. Kang, H. Son, Methodology for applying cyber security risk evaluation form BN model to PSA model, International Symposium on Future I&C for Nuclear Power Plants (ISOFIC), Jeju, Republic of Korea, August 24-28, 2014.
  13. B. Kesler, The vulnerability of nuclear facilities to cyber attack, Strategic Insights 10 (2011) 15-25.
  14. D.Y. Lee, J.G. Choi, J. Lyou, A safety assessment methodology for a digital reactor protection system, Int. J. Control Autom. Syst. 4 (2006) 105-112.
  15. G.Y. Park, S.H. Bae, D.I. Bang, T.G. Kim, J.K. Park, Y.K. Kim, Design of instrumentation and control system for research reactors, 11th International Conference on Control, Automation and Systems, Gyeonggi-do, Republic of Korea, October 26-29, 2011, p. 1728-1731.
  16. Z. Bonnie, A. Joseph, S. Sastry, A taxonomy of cyber attacks on SCADA systems, Internet of things (iThings/CPSCom), 2011 International Conference on and 4th International Conference on Cyber, Physical and Social Computing, IEEE, 2011.
  17. W. Gao, T. Morris, B. Reaves, On SCADA control system command and response injection and intrusion detection, eCrime Researchers Summit (eCrime), IEEE, 2010.
  18. S. Hobbs [Internet]. Cyber Threats: Viruses, Worms, Trojans, and DoS Attacks, Global Information Assurance Certification Paper, SANS Institute, December, 2000. Available from: https://www.giac.org/paper/gsec/300/cyber-threats-virusesworms-trojans-dos-attacks/100898.
  19. M. Karresand, Separating Trojan horses, viruses, and worms-a proposed taxonomy of software weapons, Information Assurance Workshop, IEEE Systems, Man and Cybernetics Society, 2003.
  20. B.G. Kim, H.G. Kang, H.E. Kim, S.J. Lee, P.H. Seong, Reliability modeling of digital component in plant protection system with various fault-tolerant techniques, Nucl. Eng. Des. 265 (2013) 1005-1015. https://doi.org/10.1016/j.nucengdes.2013.06.019
  21. J. Shin, H. Son, G. Heo, Cyber security risk analysis model composed with activity-quality and architecture model, International Conference on Computer, Networks and Communication Engineering, Beijing, China, May 23-24, 2013, p. 609-612.
  22. J. Shin, H. Son, G. Heo, Comparative study of cyber security characteristics for nuclear systems, in: Frontier and Innovation in Future Computing and Communications, Lecture Notes in Electrical Engineering Vol. 301, Springer, 2014, pp. 87-93.
  23. IAEA [Internet]. IAEA-Tecdoc-719, Defining initiating events for purposes of probabilistic safety assessment, 1993. Available from: http://www-pub.iaea.org/MTCD/publications/PDF/te_719_web.pdf.

Cited by

  1. Network Security Risk Assessment System Based on Attack Graph and Markov Chain vol.910, pp.None, 2017, https://doi.org/10.1088/1742-6596/910/1/012005
  2. Integrated Circuit Security Risk Management Framework in Government Agencies vol.54, pp.4, 2017, https://doi.org/10.35741/issn.0258-2724.54.4.14
  3. Robustness of Optimal Investment Decisions in Mixed Insurance/Investment Cyber Risk Management vol.40, pp.3, 2020, https://doi.org/10.1111/risa.13416
  4. Cyber attack taxonomy for digital environment in nuclear power plants vol.52, pp.5, 2020, https://doi.org/10.1016/j.net.2019.11.001
  5. A Robust Cybersecurity Solution Platform Architecture for Digital Instrumentation and Control Systems in Nuclear Power Facilities vol.206, pp.7, 2017, https://doi.org/10.1080/00295450.2019.1666599
  6. Evolution of Safety and Security Risk Assessment methodologies towards the use of Bayesian Networks in Process Industries vol.149, pp.None, 2021, https://doi.org/10.1016/j.psep.2021.03.031
  7. A Review of Research Works on Supervised Learning Algorithms for SCADA Intrusion Detection and Classification vol.13, pp.17, 2017, https://doi.org/10.3390/su13179597
  8. Towards Integration of Security and Safety Measures for Critical Infrastructures Based on Bayesian Networks and Graph Theory: A Systematic Literature Review vol.2, pp.4, 2017, https://doi.org/10.3390/signals2040045
  9. CS Measures for Nuclear Power Plant Protection: A Systematic Literature Review vol.2, pp.4, 2017, https://doi.org/10.3390/signals2040046