Development of a quantitative method for evaluating the efficacy of cyber security controls in NPPs based on intrusion tolerance concpet

Abstract

Although many regulatory documents, guides, and standards have been published in the nuclear industry, there are still difficulties when it comes to deciding which security controls are needed and to defining appropriate security control requirements [11]. To evaluate the efficacy of security controls, this study has developed a measure of ‘cyber security improvement’. The ‘cyber security improvement’ is defined as the reduction ratio of the probability that a cyber attack will damage the target system. In addition, the concept of ‘intrusion tolerance system’ is applied to the measure of ‘cyber security improvement’ for ensuring the capability to protect, detect, respond and recover from cyber attacks. To estimate the ratio of the failure probability of the resistance strategy between a baseline system and an enhanced system, the concept of ‘mean time to compromise’ is adopted, and the adopted model is revised in accordance with the method. The validity of the suggested method is proven by conducting a case study. The suggested method can help assess how much system security can be improved by specific cyber security controls and which types of additional cyber security controls should be taken. However, this work has some limitations in estimating the efficacy of cyber security controls. The methods for obtaining the probabilities of detection strategy and the mitigation strategy need to be elaborated. Also, the verification and validation of the suggested method need to be improved.