• Proceedings of the Korean Nuclear Society Conference
• /
• 2005.10a
• /
• pp.1019-1020
• /
• 2005

• Nuclear Engineering and Technology
• /
• v.54 no.7
• /
• pp.2467-2474
• /
• 2022

Nuclear Power Plants (NPPs) are the most protected facilities among all critical infrastructures (CIs). In addition to physical security, cyber security becomes a significant concern for NPPs since swift digitalization and overreliance on computer-based systems in the facility operations transformed NPPs into targets for cyber/physical attacks. Despite technical competencies, humans are still the central component of a resilient NPP to develop an effective nuclear security culture. Turkey is one of the newcomers in the nuclear energy industry, and Turkish Akkuyu NPP has a unique model owned by an international consortium. Since Turkey has limited experience in nuclear energy industry, specific multinational and multicultural characteristics of Turkish Akkuyu NPP also requires further research in terms of the Facility's prospective nuclear security. Yet, the link between "national cultures" and "nuclear security" is underestimated in nuclear security studies. By relying on Hofstede's national culture framework, our research aims to address this gap and explore possible implications of cross-national cultural differences on nuclear security. To cope with security challenges in the age of hybrid threats, we propose a security management model which addresses the need for cyber-physical security integration to cultivate a robust nuclear security culture in a multicultural working environment.

• Proceedings of the Korean Nuclear Society Conference
• /
• 2005.10a
• /
• pp.1009-1010
• /
• 2005

• Nuclear Engineering and Technology
• /
• v.46 no.1
• /
• pp.47-54
• /
• 2014

The protection of nuclear safety software is essential in that a failure can result in significant economic loss and physical damage to the public. However, software security has often been ignored in nuclear safety software development. To enforce security considerations, nuclear regulator commission recently issued and revised the security regulations for nuclear computer-based systems. It is a great challenge for nuclear developers to comply with the security requirements. However, there is still no clear software development process regarding security activities. This paper proposes an integrated development process suitable for the secure development requirements and system security requirements described by various regulatory bodies. It provides a three-stage framework with eight security activities as the software development process. Detailed descriptions are useful for software developers and licensees to understand the regulatory requirements and to establish a detailed activity plan for software design and engineering.

• Nuclear Engineering and Technology
• /
• v.54 no.4
• /
• pp.1245-1252
• /
• 2022

As regulatory bodies require full implementation of security controls in nuclear power plants (NPPs), security functions for critical digital assets are currently being developed. For the ultimate introduction of security controls, not alternative measures, it is important to understand the relationship between possible cyber threats to NPPs and security controls to prevent them. To address the effectiveness of the security control implementation, this study investigated the types of cyber threats that can be prevented when the security controls are implemented through the mapping of the reorganized security controls in RS-015 to cyber threats on NPPs. Through this work, the cyber threat that each security control can prevent was confirmed, and the effectiveness of several strategies for implementing the security controls were compared. This study will be a useful reference for utilities or researchers who cannot use design basis threat (DBT) directly and be helpful when introducing security controls to NPPs that do not have actual security functions.

• Nuclear Engineering and Technology
• /
• v.51 no.6
• /
• pp.1696-1707
• /
• 2019

This paper conducts a qualitative policy analysis of current challenges to safety culture and security culture in Southeast Asia and emerging best practices in Northeast Asia that are aimed at strengthening both cultures. It analyses lessons, including strengths and limitations, that can be derived from Northeast Asian states, given the long history of nuclear energy in South Korea, China and Japan. It identifies and examines best practices from Northeast Asia's Nuclear Security Centres of Excellence in terms of boosting nuclear security culture and their relevance for Southeast Asia. The paper accentuates the important role of the State in adopting policy and regulatory frameworks and in institutionalising nuclear education and training programmes to deepen the safety-security cultures. Best practices in and challenges to developing a nuclear safety culture and a security culture in East Asia are examined using three frameworks of analysis (i) a comprehensive nuclear policy framework; (ii) a proactive and independent regulatory body; and (iii) holistic nuclear education and training programmes. The paper argues that Southeast Asian states interested in harnessing nuclear energy and/or utilising radioactive sources for non-power applications must develop a comprehensive policy framework on developing safety and security cultures, a proactive regulatory body, and holistic nuclear training programmes that cover both technical and human factors. Such measures are crucial in order to mitigate human errors that may lead to radiological accidents and nuclear security crises. Key lessons from Japan, South Korea and China such as best practices and challenges can inform policy recommendations for Southeast Asia in enhancing safety-security cultures.

• Nuclear Engineering and Technology
• /
• v.49 no.3
• /
• pp.517-524
• /
• 2017

Cyber security is an important issue in the field of nuclear engineering because nuclear facilities use digital equipment and digital systems that can lead to serious hazards in the event of an accident. Regulatory agencies worldwide have announced guidelines for cyber security related to nuclear issues, including U.S. NRC Regulatory Guide 5.71. It is important to evaluate cyber security risk in accordance with these regulatory guides. In this study, we propose a cyber security risk evaluation model for nuclear instrumentation and control systems using a Bayesian network and event trees. As it is difficult to perform penetration tests on the systems, the evaluation model can inform research on cyber threats to cyber security systems for nuclear facilities through the use of prior and posterior information and backpropagation calculations. Furthermore, we suggest a methodology for the application of analytical results from the Bayesian network model to an event tree model, which is a probabilistic safety assessment method. The proposed method will provide insight into safety and cyber security risks.

• Nuclear Engineering and Technology
• /
• v.51 no.7
• /
• pp.1791-1798
• /
• 2019

Instrumentation and Control (I&C) systems of nuclear power plants (NPPs) have been continuously digitalized. These systems have a critical role in the operation of nuclear facilities by functioning as the brain of NPPs. In recent years, as cyber security threats to NPP systems have increased, regulatory and policy-related organizations around the world, including the International Atomic Energy Agency (IAEA), Nuclear Regulatory Commission (NRC) and Korea Institute of Nuclear Nonproliferation and Control (KINAC), have emphasized the importance of nuclear cyber security by publishing cyber security guidelines and recommending cyber security requirements for NPP facilities. As described in NRC Regulatory Guide (Reg) 5.71 and KINAC RS015, challenge response authentication should be applied to the critical digital I&C system of NPPs to satisfy the cyber security requirements. There have been no cases in which the most robust response authentication technology like challenge response has been developed and applied to nuclear I&C systems. This paper presents a challenge response authentication mechanism for a Programmable Logic Controller (PLC) system used as a control system in the safety system of the Advanced Power Reactor (APR) 1400 NPP.

• Nuclear Engineering and Technology
• /
• v.42 no.3
• /
• pp.231-236
• /
• 2010

The growth in global energy demand and the increased recognition of the impacts of carbon dioxide emissions from fossil fuel plants have aroused a renewed interest on nuclear energy. Many countries are looking afresh at building more nuclear power stations to deal with the twin problems of global warming and the need for more generating capacity. Many in the nuclear community are also anticipating a significant growth of new nuclear generation in the coming decades. If there is a nuclear renaissance, will the expansion of nuclear power be compatible with global non-proliferation and security? or will it add to the environmental burden from the large inventory of spent nuclear fuel already produced in existing nuclear power reactors? We learn from past peaceful nuclear activities that significant concerns associated with nuclear proliferation and spent-fuel management have resulted in a decrease in public acceptance for nuclear power in many countries. The terrorist attack in the United States (US) on September 11, 2001 also raised concern for security and worry that nuclear materials may fall into the wrong hands. As we increase the use of nuclear power, we must simultaneously reduce the proliferation, security and environmental risks in managing spent-fuel below where they are today.

• Convergence Security Journal
• /
• v.17 no.3
• /
• pp.73-81
• /
• 2017

In April 2009, in the wake of President Obama's Prague speech, the international community held four nuclear sec urity summits from 2010 to 2016 to promote nuclear security and prevent nuclear terrorism. The Nuclear Security S ummit has made significant progress in preventing terrorists from attempting to acquire nuclear weapons or fissile materials, but it still has limitations and problems. To solve this problem, the international community should resume the joint efforts for strengthening bilateral cooperation and multilateral nuclear security regime, and the participating countries should strive to protect their own nuclear materials and fulfill their commitments to secure nuclear facilitie s. Second, the United Nations(UN), the IAEA(International Atomic Energy Agency), International Criminal Police Or ganization(INTERPOL), the Global Initiative to Combat Nuclear Terrorism(GICNT), and the Global Partnership(G P) must continue their missions to promote nuclear security in accordance with the five action plans adopted at the Fourth Nuclear Security Summit. Third, the participating countries should begin discussions on the management and protection of military nuclear materials that could not be covered by the Nuclear Security Summit. Fourth, the intern ational community must strive to strengthen the implementation of the Convention on the Physical Protection of Nuc lear Material(CPPNM) Amendment and International Convention for the Suppression of Acts of Nuclear Terrori sm(ICSANT), prepare for cyber attacks against nuclear facilities, and prevent theft, illegal trading and sabotage invo lving nuclear materials.