Cyber Security Assessment of Component Off-the-Shelf Based NPP I&C System Using IMECA Technique

Author(s):  
Ilona Zelinko ◽  
Vyacheslav Kharchenko ◽  
Konstantin Leontiev

Cyber security assurance is now one of the key challenges in requirements profiling, development and operation of safety-critical, software-based NPP I&C (Nuclear Power Plant Instrumentation and Control) systems. Any I&C system consists of a set of standard software (SW), hardware (HW) and FPGA components. These components can be selected and combined in different ways to address particular control and safety assurance tasks. Some of them are previously developed proprietary software (PS) and commercial off-the-shelf (COTS) components. Using such components reduces the level of safety and cyber security, because they can contain vulnerabilities that were created intentionally. In this case, targeted attacks can lead to a system failure. The National Vulnerability Database (NVD) and other open databases contain information about vulnerabilities which can be attacked by insiders or other intruders and decrease the cyber security of NPP I&C systems. In this paper, we propose a safety assessment technique for NPP I&C systems, which consists of the following procedures:

1. Analysis of the I&C architecture to assess the influence of OTS component failures on the dependability (reliability and safety) of the system. For that purpose, FMEDA or similar techniques can be applied. As a result, three-dimensional criticality matrixes (CM) (with metrics of detection, probability and severity) are developed for different components (SWFCM and HW/FPGAFCM).
2. The IMECA-based assessment of OTS components and their configuration. In this case, the CMs (SWICM and HW/FPGAICM) describe the degree of influence of component failures on cyber security.
3. Joining of the criticality matrixes (SWFCM and HW/FPGAFCM, SWICM and HW/FPGAICM), and impact analysis of components depending on their degree of influence on cyber security and safety as a whole.
4. Development of a Security Assurance Case and selection of countermeasures according to safety (cyber security)/cost criteria.

The developed tool supports the creation of criticality matrixes for each analyzed component of the system and for the I&C system as a whole. Joining the criticality matrixes makes it possible to create a common matrix for system cyber security and functional safety. The tool supports decision making to optimize the choice of countermeasures according to the safety and security/cost criterion.

Author(s):  
Oleksandr Klevtsov ◽  
Artem Symonov ◽  
Serhii Trubchaninov

The chapter is devoted to the issues of cyber security assessment of instrumentation and control systems (I&C systems) of nuclear power plants (NPP). The authors examine the main types of potential cyber threats at the stages of development and operation of NPP I&C systems. Examples are given of real incidents at various nuclear facilities caused by intentional cyber-attacks or by unintentional computer errors during maintenance of the software of NPP I&C systems. Approaches to the vulnerability assessment of NPP I&C systems are described. The scope and content of the assessment and periodic reassessment of the cyber security of NPP I&C systems are considered. An approach to the assessment of cyber security risks is described.


2022 ◽  
pp. 1047-1077
Author(s):  
Eugene Brezhniev ◽  
Oleg Ivanchenko

The smart grid (SG) is a movement to bring the electrical power grid up to date so it can meet current and future requirements to fit customer needs. Disturbances in SG operation can originate from natural disasters, failures, human factors, terrorism, and so on. Outages and faults will cause serious problems and failures in the interconnected power systems, propagating into critical infrastructures such as nuclear industries, telecommunication systems, etc. Nuclear power plants (NPP) are an intrinsic part of the future smart grid. Therefore, it is of high priority to consider SG safety, mutual influence between NPP and SG, forecast possible accidents and failures of this interaction, and consider the strategies to avoid them.



Author(s):  
Thomas Shea ◽  
Sandro Gaycken ◽  
Maurizio Martellini

Signals ◽  
2021 ◽  
Vol 2 (4) ◽  
pp. 803-819
Author(s):  
Nabin Chowdhury

As digital instrumentation in Nuclear Power Plants (NPPs) is becoming increasingly complex, both attack vectors and defensive strategies are evolving based on new technologies and vulnerabilities. Continued efforts have been made to develop a variety of measures for the cyber defense of these infrastructures, which often consist of adapting security measures previously developed for other critical infrastructure sectors to the requirements of NPPs. That being said, due to the very recent development of these solutions, there is a lack of agreement or standardization when it comes to their adoption at an industrial level. To better understand the state of the art in NPP Cyber-Security (CS) measures, in this work, we conduct a Systematic Literature Review (SLR) to identify scientific papers discussing CS frameworks, standards, guidelines, best practices, and any additional CS protection measures for NPPs. Our literature analysis showed that protecting the digital space in NPPs involves three main steps: (i) identification of critical digital assets; (ii) risk assessment and threat analysis; (iii) establishment of measures for NPP protection based on the defense-in-depth model. To ensure the CS protection of these infrastructures, a holistic defense-in-depth approach is suggested in order to avoid excessive granularity and lack of compatibility between different layers of protection. Additional research is needed to ensure that such a model is developed effectively and that it is based on the interdependencies of all security requirements of NPPs.

