According to the “Law on protection and response measures for nuclear facilities and radiation”, Nuclear Power Plant (NPP) licensees should conduct periodic exercises based on hypothetical cyberattack scenarios, and there is a need to select significant and probable ones in a systematic manner. Since cyber-attacks are carried out intentionally, it is difficult to statistically specify the sequences, and it is not easy to systematically establish exercise scenarios because existing engineering safety facilities can be forcibly disabled. To deal with the above situation, this paper suggests a procedure using the Probabilistic Safety Assessment (PSA) model to develop a cybersecurity exercise scenario. The process for creating cyber security exercise scenarios consists of (i) selecting cyber-attack-causing initiating events, (ii) identifying digital systems, (iii) assigning cyber-attack vectors to a digital system, (iv) determining and adding type for operator’s response, (v) modifying a baseline PSA model, and (vi) extracting top-ranked minimal cut sets, and (vii) selecting a representative scenario. This procedure is described in detail through a case study, an expected cyber-attack scenario General Transient-Anticipated Transient Without Scram (GTRN-ATWS). It refers to an accident scenario for ATWS induced by GTRN. Since ATWS is targeted for cyber training in some NPPs, and GTRN is one of the most common accidents occurring in NPPs, GTRN-ATWS was chosen as an example. As for the cyber-attack vector, portable media and mobile devices were selected as examples based on expert judgment. In this paper, only brief examples of GTRN-ATWS events have been presented, but future studies will be conducted on an analysis of all initiating events in which cyber-attacks can occur.

In South Korea, the master plan for high-level radioactive waste management, announced in 2016, suggested the construction and operation of intermediate storage facilities on a permanent disposal site and specified the adoption of dry storage in consideration of the ease of operation and expansion. As of 2021, the government is again reviewing its overarching policy on the back-end fuel cycles, including intermediate storage and permanent disposal. In the case of dry storage facilities, safety evaluation is being conducted using a combination of deterministic and probabilistic approaches, similar to that of nuclear power plants. The two methods are complementary, of which Probabilistic Safety Assessment (PSA) has the advantage of being able to identify key scenarios affecting safety, but its use in storage facilities has not been highlighted so far. However, depending on the spent fuel management phases such as loading, transportation, and storage, it may be not enough to capture effective and efficient safety evaluation only deterministically, and probabilistic methods may contribute to the evaluation of long-term operation or external events such as an earthquake. There have already been cases where PSA has been performed on a part of the nuclear fuel cycle through previous studies. This paper created the safety assessment model based on open sources such as the released EPRI reports, by targeting arbitrary intermediate storage facilities. The model considered the scenarios for loading, transportation, and storage, with human error respectively. It will be able to be modified and improved to fit domestic and specific intermediate storage facilities in the future.