Computer Security of NPP Instrumentation and Control Systems: Computer Security Justification Documents
PDF

Keywords

computer security, instrumentation and control system, computer security policy, computer security program, computer security plan

How to Cite

Symonov, A., Klevtsov, O., Trubchaninov, S., & Lazurenko, O. (2019). Computer Security of NPP Instrumentation and Control Systems: Computer Security Justification Documents. Nuclear and Radiation Safety, (4(84), 73-81. https://doi.org/10.32918/nrs.2019.4(84).09

Abstract

The approaches to the development and management of computer security justification documents on computer security policy, program and plan, computer incident response plan, reports related to computer security are considered in the paper. Requirements for computer security policy, program and plan are presented, and the analysis of different approaches adopted and reflected in the documents of the International Atomic Energy Agency, U.S. Nuclear Regulatory Commission and International Electrotechnical Commission is carried out. It is noted that the approaches used by these organizations to the development and management of computer security justification documents are quite similar.

The paper provides suggestions for the development of requirements for computer security justification documents on the instrumentation and control systems at Ukrainian NPPs.

The analysis of different international approaches to the development, implementation, and management of the computer security policy, program and plan has allowed developing requirements for the above-mentioned documents, which will be reflected in the new regulation taking into account the current situation at Ukrainian NPPs. Besides, it is planned to include separate requirements for computer security documentation of the developers of instrumentation and control systems regarding computer incident response plan and reporting documents on computer security in this regulation. The paper presents recommendations for the content, implementation and management of computer security justification documents.

https://doi.org/10.32918/nrs.2019.4(84).09
PDF

References

1. Klevtsov, А.L., Trubchaninov, S.A. (2015). Computer security of NPP instrumentation and control systems: cyber threats. Nuclear and Radiation Safety, 1(65), pp. 54-58.

2. Klevtsov, А.L., Yastrebenetsky, M.A., Trubchaninov, S.A. (2015). Computer security of NPP instrumentation and control systems: regulatory framework. Nuclear and Radiation Safety, 4(68), pp. 51-57.

3. Klevtsov, А.L., Symonov, A.A., Trubchaninov, S.A. (2016). Computer security of NPP instrumentation and control systems: categorization. Nuclear and Radiation Safety, 4(72), pp. 65-70.

4. Symonov, A.A., Klevtsov, А.L., Trubchaninov, S.A. (2017). Computer security of NPP instrumentation and control systems: protective measures against computer threats. Nuclear and Radiation safety, 2(74), pp. 46-50.

5. IAEA Nuclear Security Series, No. 17 (2011). Computer security at nuclear facilities. Reference manual. Technical guidance. International Atomic Energy Agency, Vienna, 88 p.

6. Computer security of instrumentation and control systems at nuclear facilities: technical guidance. International Atomic Energy Agency, Vienna, 2018. (IAEA nuclear security series, ISSN 1816-9317; No. 33-T). ISBN 978-92-0-103117-4.

7. U.S. Nuclear Regulatory Commission Regulations. Title 10, Code of Federal Regulations, Part 73 – Physical protection of plants and materials, § 73.54 Protection of digital computer and communication systems and networks. Washington, DC, 02 December 2015.

8. RG 5.71 (2010). Cyber security programs for nuclear facilities. U.S. Nuclear Regulatory Commission, Washington, 105 p.

9. IEC 62645 (2014). Nuclear power plants – Instrumentation and control systems – Requirements for security programmes for computer-based system. International Electrotechnical Commission, Geneva, 93 p.

10. RG 5.83 (2015). Cyber security event notifications. U.S. Nuclear Regulatory Commission, Washington, 21 p.

11. IEC 61226 (2009). Nuclear Power Plants – Instrumentation and Control Important to Safety, Classification of Instrumentation and Control Functions. International Electrotechnical Commission, Geneva, 64 p.

12. Law of Ukraine “On Basic Principles of Cyber Security in Ukraine” 2163 VIII of 05 October 2017. Bulletin of the Verkhovna Rada of Ukraine, 45, Art. 403. Retrieved from https://zakon.rada.gov.ua/laws/show/2163-19.