Development of a methodology for quantifying the amount of additional S/W V&V processes: When cyber security techniques are applied to NPP I&C systems

Abstract

Although the verification of the adverse effect of the security techniques is essential, there has been no research or guide for the verification process in the nuclear industry. A methodology for quantifying the amount of additional V&V processes when security techniques are applied is proposed as a research objective. Based on the analysis of the impact of application of security techniques on V&V process, the adverse effect to be focused is limited to the increase of S/W faults. The impact was quantified as the degree of increase of SFP, and the amount of additional V&V tests for compensating the increased SFP can be obtained. With this regards, the number of additionally required tests is suggested as a quantitative indicator for the impact of application of security techniques on S/W V&V processes. However, there are some limitations to quantify the additional S/W V&V processes when security techniques are applied. The relationship between complexity level and probability of fault elimination need to be elaborated. In addition to software test process, sub-processes that can compensate for the increased SFP should be investigated.