A Cybersecurity Risk Assessment Method and its Application for Instrumentation and Control Systems in Nuclear Power Plants

被引：2

作者：

Tian, Y. ^{[1
]}

Li, J. ^{[1
]}

Huang, X. ^{[1
]}

机构：

[1] Tsinghua Univ, Inst Nucl & New Energy Technol, Key Lab Adv Reactor Engn & Safety, Minist Educ, Beijing 100084, Peoples R China

来源：

IFAC PAPERSONLINE | 2022年 / 55卷 / 09期

基金：

中国国家自然科学基金;

关键词：

NPP; I&C System; Cyber Security; Risk Assessment; SECURITY;

D O I：

10.1016/j.ifacol.2022.07.042

中图分类号：

TP [自动化技术、计算机技术];

学科分类号：

0812 ;

摘要：

As the digitalization of instrumentation and control (I&C) systems in nuclear power plants (NPPs), the stability of systems has been increased and the economic benefits have been improved. However, the cybersecurity issues are emerging and a practical risk assessment method for I&C systems is in urgent need. In this paper, a risk assessment method combining quantitative and qualitative analysis for I&C systems in NPPs is proposed, referring to a Chinese national standard GB/T 36466-2018. According to the standard, the protection capability is considered as the fourth element contributing to the risk along with the asset, the threat, and the vulnerability. We also apply the proposed risk assessment method to an actual I&C system. The results show that the method provides an applicable and effective means of risk assessment for I&C systems in NPPs. Copyright (C) 2022 The Authors.

引用

页码：238 / 243

页数：6

共 15 条

[1] A safety/security risk analysis approach of Industrial Control Systems: A cyber bowtie - combining new version of attack tree with bowtie analysis [J].

Abdo, H. ;

Kaouk, M. ;

Flaus, J. -M. ;

Masse, F. .

COMPUTERS & SECURITY, 2018, 72 :175-195

[2] A review of cyber security risk assessment methods for SCADA systems [J].

Cherdantseva, Yulia ;

Burnap, Pete ;

Blyth, Andrew ;

Eden, Peter ;

Jones, Kevin ;

Soulsby, Hugh ;

Stoddart, Kristan .

COMPUTERS & SECURITY, 2016, 56 :1-27

[3] Cyberphysical Security and Dependability Analysis of Digital Control Systems in Nuclear Power Plants [J].

Cho, Chi-Shiang ;

Chung, Wei-Ho ;

Kuo, Sy-Yen .

IEEE TRANSACTIONS ON SYSTEMS MAN CYBERNETICS-SYSTEMS, 2016, 46 (03) :356-369

[4] STPA-SafeSec: Safety and security analysis for cyber-physical systems [J].

Friedberg, Ivo ;

McLaughlin, Kieran ;

Smith, Paul ;

Laverty, David ;

Sezer, Sakir .

JOURNAL OF INFORMATION SECURITY AND APPLICATIONS, 2017, 34 :183-196

[5]

International Organization for Standardization, 2018, 270052018 ISOIEC

[6]

Ji X, 2016, 2016 17TH IEEE/ACIS INTERNATIONAL CONFERENCE ON SOFTWARE ENGINEERING, ARTIFICIAL INTELLIGENCE, NETWORKING AND PARALLEL/DISTRIBUTED COMPUTING (SNPD), P693, DOI 10.1109/SNPD.2016.7515980

[7] An Integrated Cyber Security Risk Management Approach for a Cyber-Physical System [J].

Kure, Halima Ibrahim ;

Islam, Shareeful ;

Razzaque, Mohammad Abdur .

APPLIED SCIENCES-BASEL, 2018, 8 (06)

[8]

MACCARONE, 2021, THESIS U PITTSBURGH

[9]

National Information Security Standardization Technical Committee (SAC/TC 260), 2018, 36466 GBT

[10]

Papa S. M., 2012, P INT C SECURITY MAN, P1

← 1 2 →