NPP (Nuclear Power Plant) Operators have approached the problem of cyber security by simply keep up with the never-ending stream of new vulnerability alerts from suppliers and groups like ICS-CERT. Keeping Cyber Security Compliance, NPP Owner must patch vulnerabilities according to their CVSS Score. In fact, NPP Owner often has to deal with hundreds of vulnerabilities, which is not a trivial task to carry out. Unfortunately, the CVSS Score has been shown to be poor indicator for actual exploitation in NPP. This paper analyzes Vulnerability Assessment Methodology about Critical digital asset in NPP. And then give an effective methodology. It approaches the cyber security regulations of NPP from a technical vulnerability point of view, where any given Critical Digital Asset can be assessed for vulnerabilities.
