• 한국원자력학회:학술대회논문집
• /
• 한국원자력학회 2005년도 추계학술발표회
• /
• pp.1019-1020
• /
• 2005

• Nuclear Engineering and Technology
• /
• 제54권7호
• /
• pp.2467-2474
• /
• 2022

Nuclear Power Plants (NPPs) are the most protected facilities among all critical infrastructures (CIs). In addition to physical security, cyber security becomes a significant concern for NPPs since swift digitalization and overreliance on computer-based systems in the facility operations transformed NPPs into targets for cyber/physical attacks. Despite technical competencies, humans are still the central component of a resilient NPP to develop an effective nuclear security culture. Turkey is one of the newcomers in the nuclear energy industry, and Turkish Akkuyu NPP has a unique model owned by an international consortium. Since Turkey has limited experience in nuclear energy industry, specific multinational and multicultural characteristics of Turkish Akkuyu NPP also requires further research in terms of the Facility's prospective nuclear security. Yet, the link between "national cultures" and "nuclear security" is underestimated in nuclear security studies. By relying on Hofstede's national culture framework, our research aims to address this gap and explore possible implications of cross-national cultural differences on nuclear security. To cope with security challenges in the age of hybrid threats, we propose a security management model which addresses the need for cyber-physical security integration to cultivate a robust nuclear security culture in a multicultural working environment.

• 한국원자력학회:학술대회논문집
• /
• 한국원자력학회 2005년도 추계학술발표회
• /
• pp.1009-1010
• /
• 2005

• Nuclear Engineering and Technology
• /
• 제46권1호
• /
• pp.47-54
• /
• 2014

The protection of nuclear safety software is essential in that a failure can result in significant economic loss and physical damage to the public. However, software security has often been ignored in nuclear safety software development. To enforce security considerations, nuclear regulator commission recently issued and revised the security regulations for nuclear computer-based systems. It is a great challenge for nuclear developers to comply with the security requirements. However, there is still no clear software development process regarding security activities. This paper proposes an integrated development process suitable for the secure development requirements and system security requirements described by various regulatory bodies. It provides a three-stage framework with eight security activities as the software development process. Detailed descriptions are useful for software developers and licensees to understand the regulatory requirements and to establish a detailed activity plan for software design and engineering.

• Nuclear Engineering and Technology
• /
• 제54권4호
• /
• pp.1245-1252
• /
• 2022

As regulatory bodies require full implementation of security controls in nuclear power plants (NPPs), security functions for critical digital assets are currently being developed. For the ultimate introduction of security controls, not alternative measures, it is important to understand the relationship between possible cyber threats to NPPs and security controls to prevent them. To address the effectiveness of the security control implementation, this study investigated the types of cyber threats that can be prevented when the security controls are implemented through the mapping of the reorganized security controls in RS-015 to cyber threats on NPPs. Through this work, the cyber threat that each security control can prevent was confirmed, and the effectiveness of several strategies for implementing the security controls were compared. This study will be a useful reference for utilities or researchers who cannot use design basis threat (DBT) directly and be helpful when introducing security controls to NPPs that do not have actual security functions.

• Nuclear Engineering and Technology
• /
• 제51권6호
• /
• pp.1696-1707
• /
• 2019

This paper conducts a qualitative policy analysis of current challenges to safety culture and security culture in Southeast Asia and emerging best practices in Northeast Asia that are aimed at strengthening both cultures. It analyses lessons, including strengths and limitations, that can be derived from Northeast Asian states, given the long history of nuclear energy in South Korea, China and Japan. It identifies and examines best practices from Northeast Asia's Nuclear Security Centres of Excellence in terms of boosting nuclear security culture and their relevance for Southeast Asia. The paper accentuates the important role of the State in adopting policy and regulatory frameworks and in institutionalising nuclear education and training programmes to deepen the safety-security cultures. Best practices in and challenges to developing a nuclear safety culture and a security culture in East Asia are examined using three frameworks of analysis (i) a comprehensive nuclear policy framework; (ii) a proactive and independent regulatory body; and (iii) holistic nuclear education and training programmes. The paper argues that Southeast Asian states interested in harnessing nuclear energy and/or utilising radioactive sources for non-power applications must develop a comprehensive policy framework on developing safety and security cultures, a proactive regulatory body, and holistic nuclear training programmes that cover both technical and human factors. Such measures are crucial in order to mitigate human errors that may lead to radiological accidents and nuclear security crises. Key lessons from Japan, South Korea and China such as best practices and challenges can inform policy recommendations for Southeast Asia in enhancing safety-security cultures.

• Nuclear Engineering and Technology
• /
• 제49권3호
• /
• pp.517-524
• /
• 2017

Cyber security is an important issue in the field of nuclear engineering because nuclear facilities use digital equipment and digital systems that can lead to serious hazards in the event of an accident. Regulatory agencies worldwide have announced guidelines for cyber security related to nuclear issues, including U.S. NRC Regulatory Guide 5.71. It is important to evaluate cyber security risk in accordance with these regulatory guides. In this study, we propose a cyber security risk evaluation model for nuclear instrumentation and control systems using a Bayesian network and event trees. As it is difficult to perform penetration tests on the systems, the evaluation model can inform research on cyber threats to cyber security systems for nuclear facilities through the use of prior and posterior information and backpropagation calculations. Furthermore, we suggest a methodology for the application of analytical results from the Bayesian network model to an event tree model, which is a probabilistic safety assessment method. The proposed method will provide insight into safety and cyber security risks.

• Nuclear Engineering and Technology
• /
• 제51권7호
• /
• pp.1791-1798
• /
• 2019

Instrumentation and Control (I&C) systems of nuclear power plants (NPPs) have been continuously digitalized. These systems have a critical role in the operation of nuclear facilities by functioning as the brain of NPPs. In recent years, as cyber security threats to NPP systems have increased, regulatory and policy-related organizations around the world, including the International Atomic Energy Agency (IAEA), Nuclear Regulatory Commission (NRC) and Korea Institute of Nuclear Nonproliferation and Control (KINAC), have emphasized the importance of nuclear cyber security by publishing cyber security guidelines and recommending cyber security requirements for NPP facilities. As described in NRC Regulatory Guide (Reg) 5.71 and KINAC RS015, challenge response authentication should be applied to the critical digital I&C system of NPPs to satisfy the cyber security requirements. There have been no cases in which the most robust response authentication technology like challenge response has been developed and applied to nuclear I&C systems. This paper presents a challenge response authentication mechanism for a Programmable Logic Controller (PLC) system used as a control system in the safety system of the Advanced Power Reactor (APR) 1400 NPP.

• Nuclear Engineering and Technology
• /
• 제42권3호
• /
• pp.231-236
• /
• 2010

The growth in global energy demand and the increased recognition of the impacts of carbon dioxide emissions from fossil fuel plants have aroused a renewed interest on nuclear energy. Many countries are looking afresh at building more nuclear power stations to deal with the twin problems of global warming and the need for more generating capacity. Many in the nuclear community are also anticipating a significant growth of new nuclear generation in the coming decades. If there is a nuclear renaissance, will the expansion of nuclear power be compatible with global non-proliferation and security? or will it add to the environmental burden from the large inventory of spent nuclear fuel already produced in existing nuclear power reactors? We learn from past peaceful nuclear activities that significant concerns associated with nuclear proliferation and spent-fuel management have resulted in a decrease in public acceptance for nuclear power in many countries. The terrorist attack in the United States (US) on September 11, 2001 also raised concern for security and worry that nuclear materials may fall into the wrong hands. As we increase the use of nuclear power, we must simultaneously reduce the proliferation, security and environmental risks in managing spent-fuel below where they are today.

• 융합보안논문지
• /
• 제17권3호
• /
• pp.73-81
• /
• 2017

2009년 4월 미국 오바마 대통령의 프라하 연설을 계기로 국제사회는 핵안보 증진과 핵테러리즘 저지를 위해 2010년부터 2016년까지 4차례의 핵안보정상회의를 개최하였다. 핵안보정상회의는 테러리스트들이 핵무기 또는 핵 분열성 물질의 획득 노력을 저지하기 위한 중대한 진전을 이루었으나 여전히 한계와 문제점을 남겼다. 이를 해결하기 위한 향후 국제 사회의 과제는 첫째, 양자간 협력과 다자간 핵안보 레짐 강화를 위한 공동의 노력을 재개하고, 참가국은 자국의 핵물질 방호와 핵시설 보안을 위한 공약 이행을 위해 노력해야한다. 둘째, 4차 핵안보정상회의에서 채택된 5개 행동계획에 따라 유엔, 국제원자력기구, 국제형사경찰기구(인터폴), 세계핵테러방지구상, 글로벌파트너십은 지속적인 핵안보 증진을 위해 임무를 수행해야한다. 셋째, 참가국들은 핵안보정상회의에서 다루지 못했던 군수용 핵물질의 관리와 방호에 대한 논의를 시작해야한다. 넷째, 핵안보의 국제법적 기반인 개정 핵물질방호협약과 핵테러억제협약의 이행을 강화하고, 핵시설에 대한 사이버 공격 대비 및 핵물질의 도난 불법거래 사보타주 저지를 위해 노력해야한다.