Cyber Security Assessment of NPP I&C Systems

Cyber Security Assessment of NPP I&C Systems

Oleksandr Klevtsov (State Scientific and Technical Center for Nuclear and Radiation Safety, Ukraine), Artem Symonov (State Scientific and Technical Center for Nuclear and Radiation Safety, Ukraine) and Serhii Trubchaninov (State Scientific and Technical Center for Nuclear and Radiation Safety, Ukraine)
DOI: 10.4018/978-1-7998-3277-5.ch009
OnDemand PDF Download:
List Price: $37.50
10% Discount:-$3.75


The chapter is devoted to the issues of cyber security assessment of instrumentation and control systems (I&C systems) of nuclear power plants (NPP). The authors examined the main types of potential cyber threats at the stages of development and operation of NPP I&C systems. Examples of real incidents at various nuclear facilities caused by intentional cyber-attacks or unintentional computer errors during the maintenance of the software of NPP I&C systems are given. The approaches to vulnerabilities assessment of NPP I&C systems are described. The scope and content of the assessment and periodic reassessment of cyber security of NPP I&C systems are considered. An approach of assessment to cyber security risks is described.
Chapter Preview


The problem of the information and cyber security assurance of nuclear facilities, including NPP, is becoming more relevant. The basis for the implementation of various practical measures for protection of the NPP I&C systems against cyber threats is the assessment of cyber security.

Cyber security assessment allows to identify possible vectors of cyber-attacks and existing weaknesses in the protection of NPP against cyber threats. Based on the results of the assessment, appropriate cyber security measures are realized for increasing the security of the NPP I&C systems and for reducing the probability of a successful cyber-attack with dangerous consequences for the NPP safety.

The goal of the chapter is the consideration of the main components of the cyber security assessment of the NPP I&C systems:

  • Assessments of potential cyber threats;

  • Vulnerabilities assessments of the NPP I&C systems;

  • Assessment of cyber security measures; and

  • Assessment of cyber security risks (if using of risk-based approaches).



Cyber security assessment of the NPP I&C systems is a complex multicomponent task, the solution of which requires an integrated approach and implementation of measures in several areas:

  • Development of legislative and regulatory framework;

  • Compliance with the general principles of cyber security assurance (e.g., defense-in-depth, graded approach, cyber security policy, cyber security culture, etc.);

  • Creation of cyber security teams at I&C systems development companies and NPPs;

  • Cyber security assessment;

  • Implementation of cyber security measures (including design measures) during the development, manufacturing, implementation, operation and decommissioning of NPP I&C systems;

  • Development of procedures and training for response to cyber security incidents; and

  • Reporting and investigating cyber security incidents in order to take appropriate measures and industry decisions for prevention of the spread of such incidents to other NPPs and their recurrence in the future.

Cyber security assessment is an important stage that precedes the development and implementation of specific measures to ensure cyber security assurance of the NPP I&C systems. The assessment also allows determining the adequacy of realized measures for protection against cyber threats.

Many international and national documents contain requirements and a description of the procedure for cyber security assessment.

Requirements to cyber security assessment are contained in the document IAEA, 2018, according to that such assessment should be performed for each phase of I&C system life cycle to identify potential threats as well as vulnerabilities and weaknesses. Also, each organization that is responsible for development, deploying, operation, maintenance or decommissioning of I&C systems or their components should perform periodic cyber security assessment and audit.

IAEA, 2016 provides a detailed description of the procedure, scope and content of a cyber security assessment of nuclear installations, including vulnerabilities assessment.

IEC, 2014 requires the cyber security assessment of the final design of I&C system, as well as periodic reassessment of risks and security controls during the operation of I&C system.

NUREG, 2004 is prohibited for the public access, however, according to its name, it contains provisions for self-assessment of cyber security recommended for US NPP.

NIST, 2008 does not apply directly to the NPP I&C systems, however, it is one of the most detailed manuals containing general recommendations for cyber security assessment. The document includes a description of the methods of analysis, identification of the targets of cyber-attacks, identifying of vulnerabilities, planning and conducting a cyber security assessment (including testing).

Particular interest is the study published in the report by Masood, R., 2016, where cyber risk scenarios and threat modeling for NPPs are considered.

Key Terms in this Chapter

Cyber Security Incident: An occurrence that actually or potentially jeopardizes the confidentiality, integrity, or availability of a computer based, networked or digital information system or the information that the system processes, stores, or transmits or that constitutes a violation or imminent risk of violation of security policies, security procedures, or acceptable use policies.

Demilitarized Zone (DMZ): Physical or logical subnetwork that contains and exposes an organization's external-facing services to an untrusted network, usually a larger network such as the Internet. The purpose of a DMZ is to add an additional layer of security to an organization's local area network: an external network node can access only what is exposed in the DMZ, while the rest of the organization's network is firewalled. The DMZ functions as a small, isolated network positioned between the Internet and the private network and, if its design is effective, allows the organization extra time to detect and address breaches before they would further penetrate into the internal networks.

Attack: An attempt to destroy, expose, alter, disable, steal or gain unauthorized access to or make unauthorized use of an asset.

Threat: Potential cause of an unwanted incident, which may result in harm to a system or organization.

Vulnerability: Weakness of an asset or control that can be exploited by a threat.

Complete Chapter List

Search this Book: