JOURNAL BROWSE
Search
Advanced SearchSearch Tips
Implementation Plan and Requirements Analysis of Access Control for Cyber Security of Nuclear Power Plants
facebook(new window)  Pirnt(new window) E-mail(new window) Excel Download
 Title & Authors
Implementation Plan and Requirements Analysis of Access Control for Cyber Security of Nuclear Power Plants
Kim, Do-Yeon;
  PDF(new window)
 Abstract
The Nuclear Power Plants(: NPP) are being protected as national infrastructure, and instrumentation and control(: I&C) systems are one of the principle facilities of the NPP, which perform the protection, control, and monitoring function. The I&C systems are being evolved into digitalization based on computer and network technology from analog system. In addition, the I&C systems are mostly employ the specialized logic controllers which are dedicated for the NPP, but the usage of generalized IT resources are steadily increased. The cyber security issues for the NPP are being emerged due to cyber incidents by Stuxnet and various accidents in the NPP. In this paper, hybrid access control model is proposed which are applicable to I&C system by analyzing the access control requirements specified in regulatory guides. The safety of in-service and under construction of NPP are effectively increased by applying proposed hybrid model.
 Keywords
Cyber Security of Nuclear Power Plants;Access Control;Stuxnet;
 Language
Korean
 Cited by
 References
1.
M. Chung, W. Ahn, B. Min, and J. Seo, "A Study on Method to Establish Cyber Security Technical System in NPP Digital I&C," J. of the Korea Institute of Information Security & Cryptology, vol. 24, no. 3, 2014, pp. 561-570. crossref(new window)

2.
Y. Choi, Y. Choi, J. Lee, J. Cho, I. Koo, and S. Hong, "Study on the Construction of Cyber Security for the Nuclear Power Plants," Fall Conf. from Korea Society of IT Services, vol. 16, Seoul, Korea, Nov., 2009, pp. 537-538.

3.
Y. Cha, B. Cho, and J. Na, "Security Technology Trends and Prospective of Industrial Control System," KEIT (Korea Evaluation Institute of Industrial Technology) PD Issue Report, vol. 13, no. 6, Jun., 2013, pp. 79-100.

4.
D. Kim, "Security Criteria for Design and Evaluation of Secure Plant Data Network on Nuclear Power Plants," J. of the Korea Institute of Electronic Communication Sciences, vol. 9, no. 2, 2013, pp. 267-271.

5.
D. Kim, "Vulnerability Analysis for Industrial Control System Cyber Security," J. of the Korea Institute of Electronic Communication Sciences, vol. 9, no. 1, 2013, pp. 137-142.

6.
I. Koo, K. Kim, S. Hong, G. Park, and J. Park, "Digital Asset Analysis Methodology against Cyber Threat to I&C System in NPP," J. of the Korea Institute of Electronic Communication Sciences, vol. 6, no. 6, 2011, pp. 839-847.

7.
N. Falliere, L. O. Murchu, and E. Chien, Win32.stuxnet Dossier. Cupertino, CA, USA, Symantec Security Response, 2011.

8.
NRC Information Notice 2003-14, "Potential Vulnerability of Plant Computer Network to Worm Infection," Nuclear Regulatory Commission, Mar., 2003.

9.
NRC Information Notice 2007-15, "Effects of Ethernet based, no-safety related controls on the safe and continued operation of nuclear power stations," Nuclear Regulatory Commission, Sep., 2007.

10.
US NRC, "Cyber Security Programs for Nuclear Power Facilities," NRC Regulatory Guide 5.71, Jan., 2010.

11.
C. Park, "Current Status for Cyber Security of Nuclear Power Plants and Long-term R&D Strategy", J. of Electrical World, vol. 430, 2012, pp. 59-65.

12.
C. Lee, "Trend of Technology of instrumentation and control system in Nuclear Power Plants," J. of The Korea Institute of Information Security & Cryptology, vol. 22, no. 5, 2012, pp. 28-34.

13.
W. Stallings and L. Brown, Computer Security - principles and practice, 2nd ed. Essex: Pearson Education, 2012.

14.
D. Lee, C. Lee, I. Hwang, and I. Oh, "Development of the Digital Reactor Safety Systems," Korea Atomic Energy Research Institute: Daejeon, Technical Report KAERI/RR-2914, Apr, 2007.

15.
IEC Std. 62351-8, Power System Management associated information exchange - Data and Communication Security - Part 8 : Role-based Access Control. International Electronical Committee, Geneva, Switzerland, 2014.