Acknowledgement
This work was supported by a grant from the Korea Ministry of Science and ICT, under the establishment and operation of cyber security attack response system at national nuclear facilities. (Project Number: 524480-20).
References
- M. Betts, J. Stirland, F. Olajide, K. Jones, H. Janicke, Developing a state of the art methodology & toolkit for ICS SCADA forensics, Int. J. Ind. Control Syst. Secur. 1 (2016) 44-56.
- U.P.D. Ani, H. He, A. Tiwari, Review of cybersecurity issues in industrial critical infrastructure: manufacturing in perspective, J. Cyber Secur. Technol. 1 (2017) 32-74, https://doi.org/10.1080/23742917.2016.1252211.
- T. Hayashi, A. Kojima, T. Miyazaki, N. Oda, K. Wakita, T. Furusawa, Application of FPGA to nuclear power plant I&C systems, in: H. Yoshikawa, Z. Zhang (Eds.), Progress of Nuclear Safety for Symbiosis and Sustainability, 2014, pp. 41-47, https://doi.org/10.1007/978-4-431-54610-8.
- J.G. Song, J.W. Lee, C.K. Lee, K.C. Kwon, D.Y. Lee, A cyber security risk assessment for the design of L&C systems in nuclear power plants, Nucl. Eng. Technol. 44 (2012) 919-928, https://doi.org/10.5516/NET.04.2011.065.
- F. Li, Z. Yang, Z. An, L. Zhang, The first digital reactor protection system in China, Nucl. Eng. Des. 218 (2002) 215-225, https://doi.org/10.1016/S0029-5493(02)00193-0.
- S. Collins, S. McCombie, Stuxnet: the emergence of a new cyber weapon and its implications, J. Polic. Intell. Count. Terror. 7 (2012) 80-91, https://doi.org/10.1080/18335330.2012.653198.
- G. Liang, S.R. Weller, J. Zhao, F. Luo, Z.Y. Dong, The 2015 Ukraine blackout: implications for false data injection attacks, IEEE Trans. Power Syst. 32 (2017) 3317-3318, https://doi.org/10.1109/TPWRS.2016.2631891.
- NCCIC, Malware analysis MAR-17-352-01 HatMan - Safety System Targeted Malware (Update B). https://www.us-cert.gov/sites/default/files/documents/MAR-17-352-01 HatMan - Safety System Targeted Malware %28Update B%29.pdf, 2019.
- E. Dilipraj, Supposed cyber attack on Kudankulam nuclear infrastructure - A benign reminder of a possible reality, 2019, pp. 1-5.
- V. de Vasconcelos, W.A. Soares, A.C.L. da Costa, A.L. Raso, Deterministic and Probabilistic Safety Analyses, Academic Press, 2019, https://doi.org/10.1016/b978-0-12-815906-4.00002-6.
- S. Tolo, J. Andrews, Nuclear facilities and cyber threats, in: M. Beer, E. Zio (Eds.), Proceedings of the 29th European Safety and Reliability Conference, Research Publishing, Hannover, Germany, 2019, pp. 1-10.
- J. Peterson, M. Haney, R.A. Borrelli, An overview of methodologies for cybersecurity vulnerability assessments conducted in nuclear power plants, Nucl. Eng. Des. 346 (2019) 75-84, https://doi.org/10.1016/j.nucengdes.2019.02.025.
- K.T.C. Youngdoo Kang, Development of cyber security assessment methodology for the instrumentation and control systems in NPPs.pdf, J. Korea Acad. Ind. Coop. Soc. 11 (2010) 3451-3457. https://doi.org/10.5762/KAIS.2010.11.9.3451
- J. Shin, H. Son, R. Khalil Ur, G. Heo, Development of a cyber security risk model using Bayesian networks, Reliab. Eng. Syst. Saf. 134 (2015) 208-217, https://doi.org/10.1016/j.ress.2014.10.006.
- W. Ahn, M. Chung, B.G. Min, J. Seo, Development of cyber-attack scenarios for nuclear power plants using scenario graphs, Int. J. Distributed Sens. Netw. (2015) 1-12, https://doi.org/10.1155/2015/836258.
- J.W. Park, S.J. Lee, Development of cyber-attack risk assessment model for nuclear power plants, in: Transactions of the Korean Nuclear Society virtual spring meeting, Jeju, Korea, 2017.
- T. Limba, T. Pleta, K. Agafonov, M. Damkus, Cyber security management model for critical infrastructure, Entrep. Sustain. Issues 4 (2017) 559-573, https://doi.org/10.9770/jesi.2017.4.4(12).
- J.G. Song, J.W. Lee, G.Y. Park, K.C. Kwon, D.Y. Lee, C.K. Lee, An analysis of technical security control requirements for digital I&C systems in nuclear power plants, Nucl. Eng. Technol. 45 (2013) 637-652, https://doi.org/10.5516/NET.04.2012.091.
- J. Shin, H. Son, G. Heo, Cyber security risk evaluation of a nuclear I&C using BN and ET, Nucl. Eng. Technol. 49 (2017) 517-524, https://doi.org/10.1016/j.net.2016.11.004.
- C. Schmittner, T. Gruber, P. Puschner, E. Schoitsch, Security application of failure Mode and effect analysis (FMEA), in: International Conference on Computer Safety, Reliability, and Security, 2014, pp. 310-325, https://doi.org/10.1007/978-3-319-10506-2.
- I. Nai Fovino, M. Masera, A. De Cian, Integrating cyber attacks within fault trees, Reliab. Eng. Syst. Saf. 94 (2009) 1394-1402, https://doi.org/10.1016/j.ress.2009.02.020.
- G. Macher, H. Sporer, R. Berlach, E. Armengaud, C. Kreiner, SAHARA: a security-aware hazard and risk analysis method, in: 2015 Design, Automation & Test in Europe Conference & Exhibition (DATE), EDAA, 2015, pp. 621-624, https://doi.org/10.7873/date.2015.0622.
- C. Raspotnig, P. Karpati, V. Katta, A combined process for elicitation and analysis of safety and security requirements, in: Enterprise, Business-Process and Information Systems Modeling, 2012, pp. 347-361, https://doi.org/10.1007/978-3-642-31072-0.
- I. Friedberg, K. McLaughlin, P. Smith, D. Laverty, S. Sezer, STPA-SafeSec: safety and security analysis for cyber-physical systems, J. Inf. Secur. Appl. 34 (2017) 183-196, https://doi.org/10.1016/j.jisa.2016.05.008.
- D. Pereira, C. Hirata, R. Pagliares, S. Nadjm-Tehrani, Towards combined safety and security constraints analysis, in: International Conference on Computer Safety, Reliability and Security, 2017, pp. 70-80, https://doi.org/10.1007/978-3-319-66284-8.
- W.G. Temple, Y. Wu, B. Chen, Z. Kalbarczyk, Reconciling systems-theoretic and component-centric methods for safety and security Co-analysis, in: International Conference on Computer Safety, Reliability and Security, 2017, pp. 87-93, https://doi.org/10.1007/978-3-319-66284-8.
- J. Yu, F. Luo, A systematic approach for cybersecurity design of in-vehicle network systems with trade-off considerations, Secur. Commun. Network. (2020) 1-14, https://doi.org/10.1155/2020/7169720.
- H. Singh, J. Singh, Penetration testing in wireless, Int. J. Adv. Res. Comput. Sci. 8 (2017) 2213-2216.
- D. Hossain, M. Alam, S. Islam, Integrated safety and cyber security analysis for building sustainable cyber physical system AT nuclear power PLANTS: a systems theory approach, in: International Conference on Nuclear Security, 2020, Vienna, Austria, 2020.
- H. Wang, M.J. Peng, P. Wu, S.Y. Cheng, Improved methods of online monitoring and prediction in condensate and feed water system of nuclear power plant, Ann. Nucl. Energy 90 (2016) 44-53, https://doi.org/10.1016/j.anucene.2015.11.037.
- S.E. Shcheklein, O.L. Tashlykov, A.M. Dubinin, Improving the energy efficiency of NPP, Nucl. Energy Technol. 2 (2016) 30-36, https://doi.org/10.1016/j.nucet.2016.03.006.
- J. Song, J. Lee, C. Lee, C. Lee, J. Shin, I. Hwang, J. Choi, Development of hardware in the loop system for cyber security training in nuclear power plants, J. Korea Inst. Inf. Secur. Cryptol. 29 (2019) 867-875, https://doi.org/10.13089/JKIISC.2019.29.4.867.
- J. Shin, J. Lee, Y. Lee, J. Son, J. Choi, A study of cyber-attack impact to condenser test-bed by using STPA-SafeSec, in: Transactions of the Korean Nuclear Society Virtual Spring Meeting, 2020.
- R.A.B.E. Silva, K. Shirvan, J.R.C. Piqueira, R.P. Marques, Development of the Asherah nuclear power plant simulator for cyber security assessment, in: International Conference on Nuclear Security, Vienna, Austria, 2020, pp. 1-10.
- K. Stouffer, V. Pillitteri, S. Lightman, M. Abrams, A. Hahn, Guide to Industrial Control Systems (ICS) Security NIST Special Publication 800-82 Revision 2. http://industryconsulting.org/pdfFiles/NISTDraft-SP800-82.pdf, 2015.
- CISA, Cyber Threat Source Descriptions, CYBERSECURITY Infrastruct. Secur. AGENCY. (n.d.). https://us-cert.cisa.gov/ics/content/cyber-threat-source-dscriptions.
Cited by
- A comprehensive review study of cyber-attacks and cyber security; Emerging trends and recent developments vol.7, 2021, https://doi.org/10.1016/j.egyr.2021.08.126