P. A. Khand


To maintain cyber security, nuclear digital Instrumentation and Control (I&C) systems must be analyzed for security risks, because a single security breach due to a cyber attack can cause system failure, which can have catastrophic consequences for the environment and the staff of a Nuclear Power Plant (NPP). Attack trees have been widely used to analyze the cyber security of digital systems because they capture system-specific as well as attacker-specific details. Therefore, a methodology based on attack trees has been proposed to analyze the cyber security of such systems. The methodology has been applied to the Cyber Security Analysis (CSA) of a Bistable Processor (BP) of a Reactor Protection System (RPS). Threats have been described according to their source. Attack scenarios have been generated using the attack tree, and possible countermeasures have been suggested according to the Security Risk Level (SRL) of each scenario. Moreover, cyber Security Requirements (SRs) have been elicited, and the suitability of the requirements has been checked.
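The scenario-generation and SRL-ranking step of the methodology, as an added illustration that is not the paper's own code: an AND/OR attack tree is expanded into its minimal attack scenarios (cut sets), each scenario is scored on a weakest-link likelihood times impact scale, and a countermeasure class is chosen per SRL. The tree, the leaf labels grouped by threat source, the likelihood scores and the SRL bins are constructed assumptions, not values from the paper.

```python
from itertools import product

# A node is either a leaf label (str) or ("AND" | "OR", [children]).
# Constructed example tree for a BP trip function; labels are threat-source
# categories, not the paper's actual BP attack tree.
BP_TREE = ("OR", [
    ("AND", ["insider: privileged maintenance access",
             "insider: bypass two-person rule"]),
    ("AND", ["external: network path to BP",
             "external: exploitable software flaw"]),
    "portable media: infected maintenance laptop",
])

# Assumed per-leaf likelihood on an ordinal 1 (rare) .. 5 (likely) scale.
LIKELIHOOD = {
    "insider: privileged maintenance access": 2,
    "insider: bypass two-person rule": 1,
    "external: network path to BP": 2,
    "external: exploitable software flaw": 4,
    "portable media: infected maintenance laptop": 3,
}

# Assumed countermeasure class per SRL (the paper chooses measures per SRL).
COUNTERMEASURE = {
    "High": "mandatory technical and procedural control, verified before commissioning",
    "Medium": "procedural control with periodic review",
    "Low": "accept and monitor",
}

def scenarios(node):
    """Return every attack scenario (cut set) of the tree as a frozenset of leaves."""
    if isinstance(node, str):
        return [frozenset([node])]
    gate, children = node
    child_sets = [scenarios(c) for c in children]
    if gate == "OR":                       # any one child scenario suffices
        return [s for sets in child_sets for s in sets]
    # AND: one scenario per combination of child scenarios, merged together
    return [frozenset().union(*combo) for combo in product(*child_sets)]

def minimal(cut_sets):
    """Drop non-minimal scenarios (supersets of another scenario)."""
    unique = set(cut_sets)
    return sorted((s for s in unique if not any(o < s for o in unique)), key=sorted)

def security_risk_level(scenario, impact=5):
    """SRL = weakest-link likelihood (min over AND-ed leaves) x impact, binned."""
    score = min(LIKELIHOOD[leaf] for leaf in scenario) * impact
    return "High" if score >= 15 else "Medium" if score >= 8 else "Low"

def rank_scenarios(tree=BP_TREE):
    """Minimal scenarios ordered High -> Low, each with its countermeasure class."""
    order = {"High": 0, "Medium": 1, "Low": 2}
    ranked = [(security_risk_level(s), sorted(s)) for s in minimal(scenarios(tree))]
    return [(lvl, leaves, COUNTERMEASURE[lvl])
            for lvl, leaves in sorted(ranked, key=lambda r: (order[r[0]], r[1]))]
```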


