A Cyber-Security Implementation Framework for Nuclear Power Plant Control Systems

  • Cheol-kwon Lee
  • Jae-gu Song
  • Dong-young Lee
  • Hyun-mi Jung
  • Gang-soo Lee
Part of the Communications in Computer and Information Science book series (CCIS, volume 206)


Control systems of nuclear power plants have been faced with the risk of cyber-security attacks from inside or outside agents. Thus control systems should efficiently and strongly account for the attacks. We propose a cyber-security implementation framework by integrating conventional concepts and paradigm such as CC, PP, ST, operational system evaluation, certification and accreditation, risk management, and etc.


cyber-security nuclear power plant instrumentation & control system security control risk evaluation common criteria system protection profile system security target 


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Regulatory Guide 5.71, Cyber security programs for nuclear facilities, U.S. Nuclear Regulatory Commission (2010)Google Scholar
  2. 2.
    FIPS 140-2, Security Requirements for Cryptographic Modules, NIST (2001)Google Scholar
  3. 3.
    CCMB-2009-07-002, Common Criteria for Information Technology Security Evaluation, Version 3.1 (2009)Google Scholar
  4. 4.
    ISO/IEC TR 19791, Operational system protection profiles (2010)Google Scholar
  5. 5.
    Jayawickrama, W.: Managing Critical Information Infrastructure Security Compliance: A Standard Based Approach Using ISO/IEC 17799 and 27001. In: Meersman, R., Tari, Z., Herrero, P. (eds.) OTM 2006 Workshops. LNCS, vol. 4277, pp. 565–574. Springer, Heidelberg (2006)CrossRefGoogle Scholar
  6. 6.
    NIST SP 800-53, Rev 3, recommended security controls for federal information systems (2009)Google Scholar
  7. 7.
    System Protection Profile - Industrial Control Systems, Version 1.0, NIST (2004)Google Scholar
  8. 8.
    NIST SP 800-82, Guide to Industrial Control Systems (ICS) Security, NIST (2008)Google Scholar
  9. 9.
    Catalog of Control Systems Security: recommendations for Standards Developers, Control systems security program, National cyber security division, Homeland security (2009)Google Scholar
  10. 10.
    IEC 62465 CD1 ed. 1.0, Nuclear Power Plants - instrumentation and control important to safety - requirements for security programmes for computer-based systems (2011)Google Scholar
  11. 11.
    CIP–002–3 ~ CIP–009–3 —Cyber Security (2011)Google Scholar
  12. 12.
    NIST SP 800-37, Rev.1, Guide for applying the risk management framework to federal information systems (2010)Google Scholar
  13. 13.
    DePoy, J., et al.: Critical Infrastructure Systems of Systems Assessment Methodology. SANDIA REPORT (2006)Google Scholar
  14. 14.
    Polk, W., Malkewicz, P.: Jaroslav Novak, Industrial Cyber Security From the Perspective of the Power Sector. Revision 1, DEFCON 18 (2010)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2011

Authors and Affiliations

  • Cheol-kwon Lee
    • 1
  • Jae-gu Song
    • 1
  • Dong-young Lee
    • 1
  • Hyun-mi Jung
    • 2
  • Gang-soo Lee
    • 2
  1. 1.I&C Human Factors Research DivisionDaejeonKorea
  2. 2.Dept of Computer EngineeringHannam UniversityDaejeonKorea

Personalised recommendations