Abstract
NPP (Nuclear Power Plant) Operators have approached the problem of cyber security by simply keep up with the never-ending stream of new vulnerability alerts from suppliers and groups like ICS-CERT. Keeping Cyber Security Compliance, NPP Owner must patch vulnerabilities according to their CVSS Score. In fact, NPP Owner often has to deal with hundreds of vulnerabilities, which is not a trivial task to carry out. Unfortunately, the CVSS Score has been shown to be poor indicator for actual exploitation in NPP. This paper analyzes Vulnerability Assessment Methodology about Critical digital asset in NPP. And then give an effective methodology. It approaches the cyber security regulations of NPP from a technical vulnerability point of view, where any given Critical Digital Asset can be assessed for vulnerabilities.
This is a preview of subscription content, log in via an institution.
Buying options
Tax calculation will be finalised at checkout
Purchases are for personal use only
Learn about institutional subscriptionsReferences
NIST Special Publication 800-82: Guide to Industrial Control Systems Security. Revision 2 (2015)
Ahn, J.: Research on software vulnerability scoring systems, p. 23 (2013)
Common Vulnerability Scoring System v3.0: Specification Document
Ahn, J.: Quantitative scoring system on the importance of software vulnerabilities, p. 4 (2015)
Shank, J.: Cyber Alert & Notification System Update (2016)
Skybox Security Vulnerability and Threat Trends Report (2018)
Jang, D.: A study on the IoT software and network vulnerability assessment system, pp. 4–6 (2017)
Song, J.G.: A cyber security risk assessment for the design of I&C systems in nuclear power plants, pp. 1–3 (2012)
Kostadinov, V.: Vulnerability assessment as a missing part of efficient regulatory emergency preparedness system for nuclear critical infrastructure (2011)
Holt, M.: Nuclear Power Plant Security and Vulnerabilities. Congressional Research Service, Washington, DC (2014)
Author information
Authors and Affiliations
Corresponding authors
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2019 Springer Nature Switzerland AG
About this paper
Cite this paper
Kim, S., Euom, I., Ha, C., Lee, J., Noh, B. (2019). A Study on the Vulnerability Assessment for Digital I&C System in Nuclear Power Plant. In: Kang, B., Jang, J. (eds) Information Security Applications. WISA 2018. Lecture Notes in Computer Science(), vol 11402. Springer, Cham. https://doi.org/10.1007/978-3-030-17982-3_6
Download citation
DOI: https://doi.org/10.1007/978-3-030-17982-3_6
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-17981-6
Online ISBN: 978-3-030-17982-3
eBook Packages: Computer ScienceComputer Science (R0)