Requirements and Life Cycle Model-Based Assessment of NPP I&C Systems Cyber Security and Safety

Andriy Kovalenko (Centre for Safety Infrastructure-Oriented Research and Analysis, Kharkiv National University of Radio Electronics, Ukraine), Oleksandr Siora (Research and Production Corporation Radiy, Ukraine) and Anton Andrashov (Research and Production Corporation RadICS, Ukraine)
DOI: 10.4018/978-1-7998-3277-5.ch005


The chapter discusses the importance of assessing the degree of interference among the various attributes of safety-critical instrumentation and control (I&C) systems and proposes applicable metrics. An approach to the analysis of safety-critical I&C systems is presented. The approach relies on gap analysis and on consideration of the influence of the human, the technique, and the tool. It is applicable to cyber security assessment of various safety-critical I&C systems, including complex I&C systems and field-programmable gate array (FPGA)-based systems.
Chapter Preview


Nowadays safety-critical systems are widely used by industry worldwide in various areas in the form of I&C systems, including those for NPPs, on-board computer-based systems, electronic medical systems, etc. Moreover, FPGA technology is now a trend in the implementation of safety-critical systems, which inevitably leads to new challenges in various aspects of the design, operation and maintenance of such systems, requiring new approaches, techniques and appropriate requirements. The first goal of this chapter is to customize the elements of gap analysis (GA), the Intrusion Modes and Effects Criticality Analysis (IMECA) technique, and the analysis of development processes related to the developer (human), technique, and tool (HTT) in order to develop an approach that can be used in the analysis and assessment of safety-critical systems (Kharchenko, V. et al. (2012,c), NUREG/CR-7006).

Design and development processes for any safety-critical I&C system, including complex ones, require predetermined and formalized processes for all types of activities, including design, verification and validation (V&V). A number of life cycle representations have been proposed in the form of appropriate models, including waterfall, incremental, spiral, agile, prototyping, star, hybrid, Y, etc. (Isaias, P. et al. (2015), Bhuvaneswari, T. et al. (2013)).

One of the most convenient forms of design life cycle representation for a safety-critical I&C system is the so-called “V-model”, which involves the phased development of certain artifacts (components of the future system); each artifact is subject to formal verification intended to prevent unauthorized changes in design or functionality (Kharchenko, V. et al. (2017)).

A V-model is a conveniently organized, formalized sequence of development phases of the final product, which is typically complex. It implies stating the requirements at the beginning, and allows the design stages to be correlated with the appropriate tests. The basic principle of a V-model is that the level of detail of the project increases as it moves from left to right, as time passes. Iterations in the project are executed horizontally, between the left (descending) and the right (ascending) branches. This supports both the planning and the implementation of the project.

In addition, a V-model can be generalized in several directions to meet the requirements and reflect the complexity layers of the product.

The main disadvantages of existing V-models include the following:

  • Lack of support for parallel events.

  • Lack of support for the introduction of dynamic changes at different stages of the product's life cycle.

  • Too late testing of requirements in the life cycle, which makes it impossible to make changes without affecting the schedule of project implementation.

  • Some results can only be obtained after the complete performance of the activities described by the left branch.

In order to take into account all the features of modern complex safety-critical I&C systems and their underlying technologies, it is necessary to analyze the attributes of a system. For this purpose, the development life cycle (DLC) of a system can be represented as a set of partially superimposed V-submodels, each corresponding to the DLC associated with a specific component of the system, thus covering the development stages of the components along with the appropriate return points (Shamraev, A. et al. (2017)).

Since, in the general case, both the starting point and the length of the DLC are specific to each component, all V-submodels can be separated to perform a comprehensive evaluation. The complete set of all component-related V-submodels for a safety-critical I&C system forms a component-oriented (two-coordinate) V-model of the DLC.

In order to link the DLC of a specific attribute to each component of a safety-critical I&C system within the component-oriented V-model, an additional attribute-related plane (formed by the set of attributes of the component) is considered. Thus, adding the attribute to the component-oriented (two-coordinate) V-model of the DLC yields three coordinates. In conjunction with the DLC, it then becomes possible to analyze a certain aspect in the three-dimensional space determined by the three coordinates: the system’s component, its attribute, and the stage of the DLC.
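The component-oriented V-model described above, as an added illustration that is not part of the chapter: each component has its own partially superimposed V-submodel (its own DLC start and length), left-branch stages are paired horizontally with the verification stages that serve as their return points, and the attribute plane turns the model into (component, attribute, stage) cells. The phase names, time units and the three components are constructed assumptions.

```python
from dataclasses import dataclass

# One V-submodel in time order: descending branch, implementation vertex,
# then the ascending verification branch (constructed phase names).
PHASES = ["requirements", "architecture", "detailed_design", "implementation",
          "unit_test", "integration_test", "acceptance_test"]

# Horizontal pairing: the test stage that verifies each design stage, i.e. the
# return point an iteration comes back to (constructed assumption).
RETURN_POINT = {
    "requirements": "acceptance_test",
    "architecture": "integration_test",
    "detailed_design": "unit_test",
    "implementation": "unit_test",
}

@dataclass(frozen=True)
class Component:
    """A component with its own DLC start and length (constructed time units)."""
    name: str
    start: int   # time unit at which this component's V-submodel begins
    length: int  # duration of the submodel; phases are spread evenly over it

def phase_at(component: Component, t: int):
    """Phase of the component's V-submodel active at time t, or None."""
    if t < component.start or t >= component.start + component.length:
        return None
    idx = (t - component.start) * len(PHASES) // component.length
    return PHASES[idx]

def return_points_at(components, t: int):
    """For a change raised at time t, map each active component to the
    verification stage that must be re-run (None if already verifying)."""
    result = {}
    for c in components:
        phase = phase_at(c, t)
        if phase is not None:
            result[c.name] = RETURN_POINT.get(phase)
    return result

def assessment_cells(components, attributes):
    """All (component, attribute, DLC stage) cells of the three-coordinate model."""
    return [(c.name, a, p) for c in components for a in attributes for p in PHASES]

# Constructed example: three partially superimposed submodels.
COMPONENTS = [
    Component("fpga_logic", start=0, length=14),
    Component("software", start=4, length=14),
    Component("platform", start=2, length=21),
]
ATTRIBUTES = ["safety", "security"]
```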

Key Terms in this Chapter

Risk: The level of impact on agency operations (including mission, functions, image, or reputation), agency assets, or individuals resulting from the operation of an information system, given the potential impact of a threat and the likelihood of that threat occurring.

Vulnerability: Weakness in an information system, system security procedures, internal controls, or implementation that could be exploited or triggered by a threat source.

Threat: Any circumstance or event with the potential to adversely impact agency operations (including mission, functions, image, or reputation), agency assets, or individuals through an information system via unauthorized access, destruction, disclosure, modification of information, and/or denial of service.

Security: Avoidance of dangerous situations due to malicious threats.

Regulatory Requirement: A requirement established by a National Regulatory Authority (an authority designated by the government for regulatory purposes for safety assurance).

Security Controls: The management, operational, and technical controls (i.e., safeguards or countermeasures) prescribed for an information system to protect the confidentiality, integrity, and availability of the system and its information.

Identification: The process of verifying the identity of a user, process, or device, usually as a prerequisite for granting access to resources in an IT system.
