Research on practical application methodologies to a control system for satisfying critical cyber security requirements at nuclear power plants

Abstract

Cyber security attacks on infrastructure facilities including nuclear power plants (NPPs) have been developed and are increasing. The NPP is one of the most important infrastructure, and of the largest facilities which have diverse control systems. Thus, Cyber security should be secured and enhanced by satisfying required regulatory requirements. Cyber security requirements of many operating NPPs have not been required or considered at the time of design. In addition, there are critical restrictions that the application of cyber security to operating systems should not affect safety, their functions, or design change at all. NPP’s Regulatory documents require cyber security requirements for critical digital assets, including control systems. Many engineers have difficulty in understanding nuclear cyber security technology described in the regulatory document, and there is insufficient research to date. Thus, there is no certainty about how to apply it to NPP’s. this dissertation compares nuclear cyber security with IT cyber security, and analyze the difficult contents of requirements correctly. this dissertation also found the complementary points in NPP’s cyber security system and proposes applicable practical methodologies such as assurance system. The Regulatory Guide (RG) 5.71 requires 147 requirements and RS015 requires 101 requirements. In this regard, this dissertation researches critical cyber security requirements: cryptographic validation, challenge-response authentication, discovering potential vulnerabilities, which have not been developed and considered and most difficult for nuclear engineers. Related contents and practical methodologies are newly analyzed, discovered and proposed in this dissertation. this dissertation describes practical application methodologies to satisfy nuclear cyber security requirements and proves the validity of them by testing them on the real nuclear control system. The proposed methodologies also are expected to contribute to increase research activities on satisfying cyber security requirements in many infrastructure’s facilities including NPPs.