
Regulatory Requirements Analysis for Development of Nuclear Power Plants Cyber Security Vulnerability Inspection Tool


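  • 김승현 (Department of Computer Engineering, Sunchon National University) ;
  • 임수창 (Department of Computer Engineering, Sunchon National University) ;
  • 김도연 (Department of Computer Engineering, Sunchon National University)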
  • Received : 2017.07.04
  • Accepted : 2017.10.18
  • Published : 2017.10.31

Abstract

General-purpose IT resources are increasingly used in the Instrumentation and Control (I&C) systems that maintain the safety of Nuclear Power Plants (NPPs). As a result, potential security vulnerabilities in those IT resources may lead to cyber attacks on NPPs, with consequences ranging from plant shutdown to national disaster. In response, domestic nuclear regulatory agencies are developing regulatory guidelines for NPP cyber security and expanding the targets and scope of regulation. However, measures are needed that address not only the general security problems of NPPs but also attacks that target NPP-specific vulnerabilities. In this paper, we select 42 items related to vulnerability inspection from the contents defined in R.G.5.71 and classify them into 5 types. If a vulnerability inspection tool is developed based on the proposed analysis, it will be possible to improve the efficiency of cyber security vulnerability inspection for NPPs.

