Compliance-Driven Cybersecurity Planning Based on Formalized Attack Patterns for Instrumentation and Control Systems of Nuclear Power Plants

The instrumentation and control (I&C) system of a nuclear power plant (NPP) employs a cybersecurity program regulated by the government. Through regulation, the government requires the implementation of security controls in order for a system to be developed and operated. Accordingly, the licensee of an NPP works to comply with this requirement, beginning in the development phase. The compliance-driven approach is efficient when the government supervises NPPs, but it is inefficient when a licensee constructs them. The security controls described in regulatory guidance do not consider system characteristics. In other words, the development organization spends a considerable amount of time excluding unnecessary control items and preparing the evidence to justify their exclusion. In addition, security systems can vary according to the developer's level of security knowledge, leading to differences in levels of security between systems. This paper proposes a method for a developer to select the appropriate security controls when preparing the security requirements during the early development phase; it is designed to ensure the system's security and reduce the cost of excluding unnecessary security controls. We have formalized the representation of attack patterns and security control patterns and identified the relationships between these patterns. We conducted a case study applying RG 5.71 in the Plant Protection System (PPS) to confirm the validity of the proposed method.
Publisher
WILEY-HINDAWI
Issue Date
2022-01
Language
English
Article Type
Article
Citation

SECURITY AND COMMUNICATION NETWORKS, v.2022

ISSN
1939-0114
DOI
10.1155/2022/4714899
URI
http://hdl.handle.net/10203/297002
Appears in Collection
CS-Journal Papers (Journal Papers)
Files in This Item
There are no files associated with this item.