Study on Cyber Security Risk Assessment of Digital Instrumentation &Control System of Nuclear Power Plant

Abstract

The digital instrumentation and control (I&C) systems have been widely used in operating and new nuclear power plants (NPPs). The application of digital computers, communication systems and network technologies in digital I&C system of NPP has brought many benefits, including high performance and convenient maintainability. However, the digital I&C system of NPP has many cyber security risks that may lead to serious hazards. Cyber security risk assessment for digital I&C system of NPP has become more crucial. This study presents the general configuration and functions of digital I&C system of NPP. The digital asset classification, data flow and the security level of the counter measures are given based on the cyber security defense-in-depth model. The factors of asset, threat and vulnerability of digital I&C system are identified in detail. The cyber security risks of digital I&C system of NPP are analyzed for the process system interface level, automatic control and protection level, control and supervisory level, and plant information management level. The cyber security protection scheme of digital I&C system of NPP is designed to cope with the potential cyber security risks. The risk assessment contents of the every stage of cyber security full life cycle are presented. The cyber security risk assessment flow and risk assessment method for digital I&C system of NPP are proposed.