| No: | 307 |
| Conference: | Nuclear Energy for New Europe 2009 |
| Title: | Cyber Security Analysis of NPP Safety Critical Systems using Attack Trees |
| Theme: | Probabilistic Safety Assessment |
| Author(s): | Parvaiz Ahmed Khand |
| Contact : | Parvaiz Ahmed Khand |
| E-mail: | parvaiz_123@yahoo.com |
| Address: | Pakistan Institute of Nuclear Science and Technology (PINSTECH) Islamabad |
| Country: | Pakistan |

Safety critical systems are used for the control and protection of process components in Nuclear Power Plants (NPPs). To maintain cyber security, computer-based safety critical systems must be analyzed for vulnerabilities and threats, because a single successful breach by a cyber attack can cause system failure with catastrophic consequences for the environment and plant staff. Cyber security is the preservation of confidentiality, integrity and availability. Cyber Security Analysis (CSA) means analyzing computer-based systems for exposure to unauthorized access, use, disclosure, disruption, modification or destruction. The purpose of CSA is, first, to develop a method for identifying the portions of a system that could be exploited by the Design Basis Threat (DBT); second, to conduct analyses that provide increased confidence in especially vulnerable portions of the system; and third, to encourage design changes that reduce or eliminate vulnerabilities. A threat is a potential cause of an attack that may result in an unwanted consequence for the system. For example, a threat may compromise the safety and integrity of an NPP by causing the Plant Protection System (PPS) to fail to trip the reactor, which can lead to an uncontrolled power excursion and the release of radioactive fission products, threatening human life and the environment. A threat may also cause unplanned outages to eliminate vulnerabilities, decreasing the availability and reliability of the plant.

Attack trees have been widely used to analyze the cyber security of computer-based systems because they capture system-specific as well as attacker-specific details. In this paper, we used an attack tree based methodology to analyze the cyber security of a computer-based Reactor Protection System (RPS). First, we constructed an attack tree and determined the attack scenarios. Second, we described suitable security controls based on the results of the security assessment and elicited security requirements. Third, we evaluated different design configurations using the tree and the results of the security assessment.
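As an added illustration of the three steps the abstract describes (build the attack tree, enumerate the attack scenarios, evaluate design configurations against candidate security controls), the following Python is example code written for this page; it is not the paper's analysis, tree or tooling. The tree, the leaf "cost" values and the mapping from controls to leaf events are constructed, generic assumptions for demonstration and say nothing about any real RPS design. A control is modeled as making one leaf event infeasible, which is a deliberate simplification of how such controls are usually assessed.

```python
"""Attack-tree analysis: scenarios (minimal cut sets) and configuration comparison."""
from dataclasses import dataclass
from itertools import product


@dataclass(frozen=True)
class Leaf:
    """An attacker action (basic event). `cost` is an illustrative attacker-specific
    attribute (relative effort); the values used below are assumptions, not data."""
    name: str
    cost: int = 1


@dataclass
class Gate:
    """Intermediate attacker goal, achieved if ALL (AND) or ANY (OR) child is achieved."""
    name: str
    kind: str        # "AND" or "OR"
    children: list   # of Leaf | Gate


def prune(node, infeasible):
    """Copy of the tree with the leaf events in `infeasible` removed. An AND gate
    with any infeasible child is itself infeasible; an OR gate is infeasible only
    when all of its children are. Returns None for an infeasible node."""
    if isinstance(node, Leaf):
        return None if node.name in infeasible else node
    kept = [c for c in (prune(ch, infeasible) for ch in node.children) if c is not None]
    if node.kind == "AND" and len(kept) != len(node.children):
        return None
    if not kept:
        return None
    return Gate(node.name, node.kind, kept)


def scenarios(node):
    """Minimal attack scenarios: the smallest sets of leaf events that achieve `node`.
    An OR gate contributes the union of its children's scenarios; an AND gate the
    cross product (one scenario from every child, merged). Non-minimal sets are dropped."""
    if node is None:
        return []
    if isinstance(node, Leaf):
        return [frozenset([node.name])]
    child_scen = [scenarios(c) for c in node.children]
    if node.kind == "OR":
        combined = [s for cs in child_scen for s in cs]
    elif node.kind == "AND":
        combined = [frozenset().union(*combo) for combo in product(*child_scen)]
    else:
        raise ValueError(f"unknown gate kind {node.kind!r}")
    unique = set(combined)
    minimal = [s for s in unique if not any(o < s for o in unique)]
    return sorted(minimal, key=lambda s: (len(s), sorted(s)))


def leaf_costs(node, acc=None):
    """Map every leaf event name in the tree to its assumed cost."""
    acc = {} if acc is None else acc
    if isinstance(node, Leaf):
        acc[node.name] = node.cost
    else:
        for c in node.children:
            leaf_costs(c, acc)
    return acc


def evaluate(tree, controls):
    """Evaluate one design configuration. `controls` maps a control name to the leaf
    event it is assumed to make infeasible. Returns the surviving scenarios and the
    cost of the cheapest one (None when no scenario survives)."""
    costs = leaf_costs(tree)
    scen = scenarios(prune(tree, set(controls.values())))
    cheapest = min((sum(costs[e] for e in s) for s in scen), default=None)
    return {"scenarios": scen, "cheapest_cost": cheapest}


# Constructed, hypothetical tree: generic attacker goals, NOT the tree from the paper
# and NOT a description of any real protection system. Costs are assumed.
RPS_TREE = Gate("RPS fails to trip on demand", "OR", [
    Gate("Corrupt trip setpoints", "AND", [
        Leaf("access engineering workstation", cost=3),
        Leaf("bypass setpoint-change authorization", cost=2),
    ]),
    Gate("Block trip signal", "AND", [
        Leaf("reach safety network from plant network", cost=4),
        Leaf("inject spoofed 'no-trip' messages", cost=2),
    ]),
    Gate("Corrupt RPS firmware", "AND", [
        Leaf("access maintenance interface", cost=3),
        Leaf("load unsigned firmware image", cost=1),
    ]),
])

# Hypothetical design configurations: control name -> leaf event assumed infeasible.
CONFIGS = {
    "baseline": {},
    "isolated+signed": {
        "one-way isolation of safety network": "reach safety network from plant network",
        "signed firmware, verified at load": "load unsigned firmware image",
    },
    "isolated+signed+two-person": {
        "one-way isolation of safety network": "reach safety network from plant network",
        "signed firmware, verified at load": "load unsigned firmware image",
        "two-person authorization for setpoint changes": "bypass setpoint-change authorization",
    },
}

if __name__ == "__main__":
    for name, controls in CONFIGS.items():
        result = evaluate(RPS_TREE, controls)
        print(f"{name}: {len(result['scenarios'])} scenario(s), "
              f"cheapest cost {result['cheapest_cost']}")
        for s in result["scenarios"]:
            print("   ", " AND ".join(sorted(s)))
```

Running the script lists, per configuration, which attack scenarios survive and how cheap the cheapest one is; comparing the baseline against the two hardened configurations is the "evaluate design configurations" step, and the leaf events that appear in the most or the cheapest surviving scenarios are where the elicited security requirements should point.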