논문 상세보기
Improvement of Cyber Security Contingency Plan by Classifying CDA Types
The licensee of nuclear facilities in the Republic of Korea should ensure the functionality of Critical Digital Assets (CDAs) is maintained and minimize the negative impact of cyber-attacks by establishing a cyber security contingency plan. The contingency plan should include detailed response guidelines for each stage of detection, analysis, isolation, eradication, and recovery and comply with the requirements specified in KINAC’s “Regulatory Standard 015 - Security for Computer and Information System of Nuclear Facilities”. However, since the cyber security contingency plan describes the overall response guidelines for CDA, it may be difficult to respond practically to cyberattacks. This paper suggests a method to address this issue by performing exercises based on the classification of CDA types. CDAs in nuclear facilities can be classified according to their characteristics. The criteria for classifying CDA types include whether the asset is a PC, whether communication ports (RS-232, 422, 485) exist, whether storage devices can be connected through USB/memory card ports and whether internal settings can be changed through HMI devices such as built-in buttons. By classifying CDA types based on the proposed criteria, the attack vectors of CDAs can be defined. By defining the attack vectors, a list of cyber-attacks that CDAs may face can be created, and abnormal symptoms of CDAs resulting from the listed cyber-attacks can be defined. By using the defined abnormal symptoms of CDAs, the response measures of detection, analysis, isolation, eradication, and recovery can be concretized and reflected in the contingency plan. This may enable a more practical emergency response. This paper presents an improvement to the cyber security emergency response plan through the definition of cyber-attacks based on the classification of CDA types. By improving the contingency plan for CDAs as a whole using the proposed method, it is expected that more effective response measures can be taken in the event of a cyber-attack.
