Acknowledgement
This work was supported by the Nuclear Safety Research Program through the Korea Foundation Of Nuclear Safety (KoFONS) using the financial resource granted by the Nuclear Safety and Security Commission (NSSC) of the Republic of Korea. (No. 2101056).
References
- Hemsley Kevin, Ronald Fisher, A History of Cyber Incidents and Threats Involving Industrial Control Systems, 12th International Conference on Critical Infrastructure Protection, ICCIP), Arlington, VA, United States, Mar. 2018, pp. 215-242.
- U.S. Code, Of Federal Regulations, Title 10, Part 73.54, Protection of digital computer and communication systems and networks, Mar 27 (2009).
- U.S., Nuclear Regulatory Commission, Regulatory Guide 5.71, Cyber Security Programs for Nuclear Facilities, January, 2010.
- Nuclear Energy Institute, NEI 08-09, cyber security plan for nuclear power reactors, Rev. 6 (April 2010).
- Nuclear Energy Institute, NEI 10-04, identifying systems and assets subject to the cyber security rule, Rev. 2 (July 2012).
- Nuclear Energy Institute, NEI 13-10, cyber security control assessments, Rev. 6 (August 2017).
- Eggers Shannon, Katya Le Blanc, Security of cyber risk analysis techniques for use in the nuclear industry, Prog. Nucl. Energy 140 (2021), 103908.
- National Vulnerability Database [website], https://www.nist.gov/programsprojects/national-vulnerability-database-nvd, 2022.
- CERT Coordination Center [Website], https://www.kb.cert.org/vuls/, 2022.
- N.G. Levson, Engineering a safe world, in: System Thinking Applied to Safety, the MIT Press, Cambridge, MA, USA, 2011.
- Nancy Leveson, A New Approach to Hazard Analysis for Complex Systems, International Conference of the System Safety Society, 2003.
- William Young, Nancy Leveson, Systems thinking for safety and security, in: Proceeding ACSAC'13, ACM Press, 2013, pp. 1-8.
- Ivo Friedberg, Kieran McLaughlin, Paul Smith, David Laverty, Sakir Sezer, STPA-SafeSec, Safety and security analysis for cyber-physical systems, J. Inf. Secur. Appl. 34 (2017) 183-196.
- Christoph Schmittner, Zhendong Ma, Peter Puschner, Limitation and improvement of STPA-sec for safety and security Co-analysis, in: Lecture Notes in Computer Science, 9923, LNCS, 2016, pp. 195-209.
- IEC 60812, Analysis Techniques for System Reliability - Procedure for Failure Mode and Effects, Analysis (FMEA).
- IEEE standard 352, in: IEEE Guide for General Principles of Reliability Analysis of Nuclear Power, Generating Station Systems and Other Nuclear Facilities, 2016.
- Christoph Schmittner, Thomas Gruber, Peter Puschner, Erwin Schoitsch, Security Application of Failure Mode and Effect Analysis (FMEA), SAFECOMP, 2014.
- Vidhyashree Nagaraju, Lance Fiondella, Thierry Wandji, A Survey of Fault and Attack Tree Modeling and Analysis for Cyber Risk Management, 2017 International Symposium on Technologies for Homeland Security, 2017.
- Igor Nai Fovino, Alessio Marcelo Masera, Alessio De Cian, Integrating cyber attacks within fault trees, Reliab. Eng. Syst. Saf. 94 (2009) 1394-1402. https://doi.org/10.1016/j.ress.2009.02.020
- H. Abdo, M. Kaouk, J.-M. Flaus, F. Masse, A safety/security risk analysis approach of Industrial Control Systems: a cyber bowtie - combining new version of attack tree with bowtie analysis, Comput. Secur. 72 (2018) 175-195. https://doi.org/10.1016/j.cose.2017.09.004
- Georg Macher, Harald Sporer, Reinhard Berlach, Eric Armengaud, Christian Kreiner, SAHARA: a security-aware hazard and risk analysis method, in: Design, Automation & Test in Europe Conference & Exhibition, 2015.
- Georg Macher, Andrea Holler, Harald Sporer, Eric Armengaud, Christian Kreiner, A combined safety-hazards and security-threat analysis method for automotive systems, Lect. Notes Comput. Sci. 9338 (2015) 237-250.
- ISO - International Organization for Standardization, ISO 26262 Road Vehicles Functional Safety Part 1-10, 2011.
- Rami Debouk, J. Jeff, Joyce, ISO, Hazard and Risk Assessment Methodology, International System Safety Conference, 2010, 26262.
- Rafiullah Khan, Kieran McLaughlin, David Laverty, Sakir Sezer, STRIDE-Based threat modeling for cyber-physical systems, in: 2017 IEEE PES: Innovative Smart Grid Technologies Conference Europe, ISGT-Europe), 2017.
- Jinsoo Shin, , Jong-Gyun Choi, Jung-Woon Lee, Cheol-Kwon Lee, Jae-Gu Son, Application of STPA-SafeSec for a cyber-attack impact analysis of NPPs with a condensate water system test-bed, Nucl. Eng. Technol. 53 (2021) 3319-3326. https://doi.org/10.1016/j.net.2021.04.031
- Jinsoo Shin, Hanseong Son, Gyunyoung Heo, Cyber security risk evaluation of a nuclear I&C using BN and ET, Nucl. Eng. Technol. 49 (2017) 517-524. https://doi.org/10.1016/j.net.2016.11.004
- Jong Woo Park, Seung Jun Lee, A quantitative assessment framework for cyber-attack scenario on nuclear plants using relative difficulty and consequence, Ann. Nucl. Energy 142 (2020), 107432.
- EPRI, Cyber Security Technical Assessment Methodology, Risk Informed Exploit Sequence Identification, vol. 1, Rev., 2018. Technical Report.
- NIST, Guide for conducting risk assessments, NIST SP 800-30, Rev. 1 (2012).
- Common Vulnerability Scoring System Calculator [Website], https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator, 2022.
- Nancy G. Leveson, John P. Thomas, STPA Handbook, March 2018.
- Seo-Ryong Koo, Seop Hur, Chang-Hwoi Kim, Design Features of Reactor Protection System for SMART, Transaction of the Korea Nuclear Society Spring Meeting, Jeju, Korea, May, 2018.
- Kwang-Seop Son, Dong-Hoon Kim, , Chang-Hwoi Kim, Hyun-Gook Kang, Study on the systematic approach of Markov modeling for dependability analysis of complex fault-tolerant features with voting logics, Reliab. Eng. Syst. Saf. 150 (2016) 44-57. https://doi.org/10.1016/j.ress.2016.01.014
- Dong-Hoon Kim, System Requirements for Reactor Protection System, NTIPRPS-Sr101, Rev.1, KAERI Design Report, 2015.
- Stouffer Keith, Victoria Pillitteri, Marshall Abrams, Adam Hahn, Guide to Industrial Control Systems (ICS) Security, NIST SP 800-82, Rev, vol. 2, May 2015.
- NEI, Addressing cyber security controls for nuclear power reactors, NEI 10-09, Rev. (2011), 0.
- C. H. Kim et al. Digital Plant Protection System in Nuclear Power Plant, Korea Patent (KR20010076542A).
- Seimens, Security with SIMATIC Controller, V2.0, 2016.
- NIST, Framework for improving critical infrastructure cybersecurity, Rev. 1.1 (April 2018).
- In-kyung Kim, Ye-eun Byun, Kook-heui Kwon, Analysis of the application method of cyber security control to develop regulatory requirement for digital assets in NPP, J. Korea Inst. Informat. Secur. Cryptol. 29 (2019) 1077-1088.