A Study on the Vulnerability Assessment for Digital I&C System in Nuclear Power Plant

  • SungCheol KimEmail author
  • IeckChae EuomEmail author
  • ChangHyun HaEmail author
  • JooHyoung LeeEmail author
  • BongNam NohEmail author
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 11402)


NPP (Nuclear Power Plant) Operators have approached the problem of cyber security by simply keep up with the never-ending stream of new vulnerability alerts from suppliers and groups like ICS-CERT. Keeping Cyber Security Compliance, NPP Owner must patch vulnerabilities according to their CVSS Score. In fact, NPP Owner often has to deal with hundreds of vulnerabilities, which is not a trivial task to carry out. Unfortunately, the CVSS Score has been shown to be poor indicator for actual exploitation in NPP. This paper analyzes Vulnerability Assessment Methodology about Critical digital asset in NPP. And then give an effective methodology. It approaches the cyber security regulations of NPP from a technical vulnerability point of view, where any given Critical Digital Asset can be assessed for vulnerabilities.


Vulnerability assessment CVSS Nuclear Power Plant 


  1. 1.
    NIST Special Publication 800-82: Guide to Industrial Control Systems Security. Revision 2 (2015)Google Scholar
  2. 2.
    Ahn, J.: Research on software vulnerability scoring systems, p. 23 (2013)Google Scholar
  3. 3.
    Common Vulnerability Scoring System v3.0: Specification DocumentGoogle Scholar
  4. 4.
    Ahn, J.: Quantitative scoring system on the importance of software vulnerabilities, p. 4 (2015)CrossRefGoogle Scholar
  5. 5.
    Shank, J.: Cyber Alert & Notification System Update (2016)Google Scholar
  6. 6.
    Skybox Security Vulnerability and Threat Trends Report (2018)Google Scholar
  7. 7.
    Jang, D.: A study on the IoT software and network vulnerability assessment system, pp. 4–6 (2017)Google Scholar
  8. 8.
    Song, J.G.: A cyber security risk assessment for the design of I&C systems in nuclear power plants, pp. 1–3 (2012)Google Scholar
  9. 9.
    Kostadinov, V.: Vulnerability assessment as a missing part of efficient regulatory emergency preparedness system for nuclear critical infrastructure (2011)Google Scholar
  10. 10.
    Holt, M.: Nuclear Power Plant Security and Vulnerabilities. Congressional Research Service, Washington, DC (2014)Google Scholar

Copyright information

© Springer Nature Switzerland AG 2019

Authors and Affiliations

  1. 1.KEPCO KDNNajuRepublic of Korea
  2. 2.Chonnam National UniversityGwangjuRepublic of Korea

Personalised recommendations