Diversity for NPP I&C Systems Safety and Cyber Security

Ievgen Babeshko (National Aerospace University KhAI, Ukraine), Vyacheslav Duzhiy (National Aerospace University KhAI, Ukraine), Oleg Illiashenko (National Aerospace University KhAI, Ukraine), Alexander Siora (Research and Production Corporation Radiy, Ukraine), Vladimir Sklyar (Research and Production Corporation Radiy, Ukraine), Artem Panarin (Research and Production Corporation Radiy, Ukraine) and Eugene Brezhniev (National Aerospace University KhAI, Ukraine & Research and Production Corporation Radiy, Ukraine)
DOI: 10.4018/978-1-7998-3277-5.ch010

Abstract

This chapter presents a cost-effective approach to selecting the most diverse NPP Reactor Trip System (RTS) under uncertainty. The selection of a pair of primary and secondary RTS is called a diversity strategy. All possible strategies are evaluated on an ordinal scale with linguistic values provided by experts. These values express the experts' degree of confidence that the evaluated variants of the secondary RTS are different from the primary RTS. All diversity strategies are evaluated on a set of linguistic diversity criteria, each of which belongs to a corresponding diversity attribute. The generic fuzzy diversity score aggregates the linguistic values provided by the experts into a collective assessment of the secondary RTS's similarity to (difference from) the primary one. The most rational diversity strategy is found during the exploitation stage, taking into consideration the fuzzy diversity score and the cost of each strategy.
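As an added illustration (not the chapter's own code or published formulas), the following script aggregates experts' ordinal linguistic judgements per criterion and attribute into a fuzzy diversity score for each candidate secondary RTS, then applies a cost-aware selection rule. The scale, criteria, expert votes, cost figures, and the aggregation and selection operators (ordinal median per criterion, mean label index per attribute and overall, cheapest strategy above a diversity threshold) are all assumptions made for the example.

```python
"""Ordinal aggregation of expert diversity judgements and cost-aware choice of an RTS
diversity strategy.  Added illustration: scale, criteria, expert labels and costs are
constructed, and the operators (ordinal median per criterion, mean label index per
attribute and overall, cheapest-above-threshold selection) are assumptions."""
from statistics import median_low
# Ordinal scale: expert confidence that the secondary RTS differs from the primary one
SCALE = ["identical", "slightly different", "moderately different",
         "very different", "totally different"]
IDX = {label: i for i, label in enumerate(SCALE)}
ID, SL, MD, VD, TD = SCALE  # short aliases for the constructed votes below

# Criteria grouped under diversity attributes (constructed subset, NUREG/CR-7007 style)
ATTRIBUTES = {"design": ["technology", "approach"],
              "logic processing equipment": ["processor family", "bus architecture"],
              "logic": ["algorithm", "language"]}

def ordinal_median(labels):
    """Collective label for one criterion; median_low never leaves the ordinal scale."""
    return SCALE[median_low(IDX[l] for l in labels)]

def fuzzy_diversity_score(votes):
    """votes: {criterion: [label per expert]} -> (overall score in [0, 1], per-attribute)."""
    top, per_attr = len(SCALE) - 1, {}
    for attr, crits in ATTRIBUTES.items():
        idx = [IDX[ordinal_median(votes[c])] for c in crits]
        per_attr[attr] = sum(idx) / len(idx) / top
    return sum(per_attr.values()) / len(per_attr), per_attr

def select_strategy(strategies, min_score):
    """Exploitation stage: cheapest strategy whose score reaches min_score (higher
    score breaks ties); None when no strategy is diverse enough."""
    ok = [(n, s) for n, s in strategies.items() if s["score"] >= min_score]
    return min(ok, key=lambda ns: (ns[1]["cost"], -ns[1]["score"]))[0] if ok else None

# Constructed votes of three experts per criterion and relative cost per secondary RTS
CANDIDATES = {
    "FPGA-based": ({"technology": [VD, TD, VD], "approach": [MD, VD, VD],
                    "processor family": [TD, TD, TD], "bus architecture": [VD, TD, VD],
                    "algorithm": [MD, MD, SL], "language": [TD, VD, TD]}, 1.0),
    "other-vendor microprocessor": ({"technology": [SL, MD, SL], "approach": [MD, MD, VD],
                    "processor family": [VD, VD, MD], "bus architecture": [MD, MD, MD],
                    "algorithm": [MD, SL, MD], "language": [SL, ID, SL]}, 0.7),
    "same-platform re-implementation": ({"technology": [ID, ID, ID], "approach": [SL, ID, SL],
                    "processor family": [ID, ID, ID], "bus architecture": [ID, ID, ID],
                    "algorithm": [MD, SL, SL], "language": [SL, SL, ID]}, 0.4),
}

def evaluate_strategies(candidates=CANDIDATES):
    """Score each diversity strategy (primary RTS paired with one candidate secondary)."""
    return {n: {"score": fuzzy_diversity_score(v)[0], "cost": c} for n, (v, c) in candidates.items()}
```

Lowering `min_score` makes the cheaper microprocessor strategy eligible, which is the overstated-diversity risk the introduction warns about: the threshold encodes how much diversity the assessment must demonstrate before cost is allowed to decide.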
Chapter Preview

Introduction

An important task in the development of safety-critical computer systems is achieving a high level of reliability and safety. To protect safety-critical systems from common-cause failures (CCFs) that can lead to potentially dangerous outcomes, special methods are applied, including multi-version technologies operating at different levels of diversity. Diversity is the general approach used for decreasing the CCF risks of instrumentation and control (I&C) systems. Differences in equipment, development and verification technologies, implemented functions, etc. can mitigate the potential for common faults. Diversity and defense-in-depth (D3) is a required attribute of Nuclear Power Plant (NPP) I&C systems important for safety. One of the key theoretical and practical problems is diversity estimation and optimization of the version redundancy capacity used. The existing NUREG guidelines published in reports CR-7007 and CR-6303 present the technical basis for establishing acceptable mitigating strategies that resolve D3 assessment findings. These approaches work in terms of diversity attributes and associated criteria aimed at the potential for CCF vulnerabilities, and they make it possible to choose an I&C system architecture based on combinations of diversity criteria. However, they do not provide measures (diversity indexes or metrics) for calculating the reliability of such a system in the context of CCF. In the report, some other techniques for diversity assessment are analyzed, and the advantages and disadvantages of these techniques in comparison with the NUREG-based method are described. Possibilities for their joint application and tool support are considered.

Although safety-critical computer systems that perform safety and security functions are required to be isolated from external networks, including the Internet, and are therefore protected from many cyber threats, cyber security issues still need to be addressed. Diversity can be used in this process to reduce the repetition of a single vulnerability across channels and to prevent possible cyber-attacks or limit their consequences. NUREG guideline CR-7141 states that deployment of diversity could be used to reduce the risk of a successful exploitation of a common flaw or vulnerability.

The combined use of reliability, safety and cyber security models, diversity metrics and reliability indexes of system components enhances estimation sensitivity, makes the sufficiency criteria for diversity and redundancy more concrete, and makes the choice of technical solutions more informed and confident at the early stages of NPP I&C system design. To guarantee the required level of dependability, safety and cyber security of computer-based systems for critical (safety-critical, mission-critical and business-critical) applications, a diversity approach is used. This approach implies the development, choice and implementation of a few diverse design options for the redundant channels of the system being created. The probability of CCF in safety-critical systems may be substantially decreased through the selection and deployment of different diversity types, on the assumption of maximal independence of the redundant channels that realize the software-hardware versions.

The risk of CCF is the main factor reducing the dependability of redundant I&C systems. Diversity and defense-in-depth is the required development principle for NPP I&C systems important for safety, first of all reactor trip systems (Jonson, G., 2010). Diversity is the general approach used for decreasing the CCF risks of I&C systems, because differences in hardware and software components, development and verification technologies, implemented functions, etc. can mitigate the potential for common faults (Jonson, G., 2010; NUREG/CR-6303, 1994).

One of the key theoretical and practical problems is diversity estimation and optimization of the version redundancy capacity used. Diversity-related decisions should be made at the first design stages, because they affect the safety and cost of the NPP I&C system. There are risks of inaccurate or untrustworthy assessment of diversity and of I&C system safety as a whole.

If the diversity indicator is overstated, the risk of CCF increases. If the result of the assessment is understated, costs increase unreasonably at the production, implementation and operation stages.
