METHODOLOGY ON CYBER SECURITY EVALUATION IN NUCLEAR FACILITIES CONSIDERING IC ARCHITECTURE

摘要

Cyber security has become a major issue in nuclear facilities recently due to obsolescence of existing analog system and increasing the use of digital system for instrumentation and control (I&C) system. There are several cases which are similar to cyber-attacks in nuclear facilities such as Davis-Besse NPP. Browns Ferry NPP. Hatch NPP, Natanz Nuclear Facility, and Monju NPP. Since the cyber-attack called "Stuxnet* occurred to a Natanz Nuclear Facility at 2010, the regulatory agencies have developed regulatory guidance for cyber security of nuclear facilities. In this paper, we will propose a methodology on cyber security evaluation in nuclear facilities considering I&C architecture. We will introduce the cyber security evaluation model for I&C system with Bayesian Belief Network (BBN). The cyber security evaluation model for nuclear facilities consists of I&C architecture, cyber threat such as malicious activity of attacker, and mitigation measure against malicious activity. In order to make benchmark model with I&C architecture, cyber threat, and mitigation measure, the likelihood and consequence concepts are used as prior information to the model. Bayesian update can be used to evaluate the cyber security for nuclear facility by calculating posterior information and comparing between prior information and posterior information with the model. Moreover, we will propose the methodology on application of the cyber security to existing PSA by using the cyber security evaluation model with BBN. It presents quantitative information for cyber security against cyber-attack and it is helpful to communicate between licensee and regulator on nuclear facilities.