Risk assessment on Instrumentation and Control Network Security Management System for nuclear power plants

Abstract

Modern nuclear power plants have been adopting open standards in their digital networks to enhance extensibility and interoperability. This also opens another possibility for an attacker to intrude into the networks. To prevent digital networks from being attacked, the U.S. Nuclear Regulatory Commission provides guidelines regarding achieving high reliability and design quality requirements. However, quality assurance in hardware/software components is not sufficient to ensure the security of the overall network system. Security policies and sound system administration are also indispensable factors to rigid security. To enhance the level of security protection in the Taiwan nuclear power plants, this investigation aims at the scope of digital instrumentation and control networks in one of the nuclear power plants in Taiwan, takes advantages of the guidelines of RG 1.152, follows the network security standard of NUREG-0800 Appendix 7.1-D and attempts to plan and design an ISMS based on the methodology of BS7799. The result of this investigation will be able to help nuclear power plants to organize and establish the first phase of Instrumentation and Control Network Security Management System (ICNSMS), which thinks over information and network security issues in a comprehensive perspective.