The Security Vulnerability Analysis of Nuclear Power Digital Instrument Control Platform NASPIC

Abstract

From the general industrial control system to the nuclear power plant control platform, the threat of information security has its own particularity more than continuity. The original dedicated system in general industrial area is gradually replaced by many common protocol, software and equipment. As a result, the security vulnerabilities are more likely to be used illegally. For a specific nuclear power plant digital control platform-NASPIC, the vulnerability analysis of platform is performed. Mainly two aspects of technology and management are to be carried out. For technical aspects, four categories problems-unauthorized execution, unauthorized write, unauthorized reading and reject service-are analyzed. Management is mainly about the lack of management strategy and strategy vulnerability. By analyzing the fragility of the instrument control platform, the key equipments, key channels and key modules are proposed. The qualitative and quantitative rules are deduced for evaluation of NASPIC information security.