Analysis of Cyber Security Regulatory Frameworks for EP CDAs in the U.S.

  • Language: ENG
  • URL: https://db.koreascholar.com/Article/Detail/429727
Abstracts of Proceedings of the Korean Radioactive Waste Society
Korean Radioactive Waste Society
Abstract

KINAC has regulated the cyber security of nuclear facilities based on the 「Act on Physical Protection and Radiological Emergency」 and the regulatory guide KINAC/RS-015, “Security for Computer and Information System of Nuclear Facilities”. Under that law and regulatory guide, nuclear licensees shall protect from cyber-attack the digital assets, so-called CDAs, that perform safety, security, and emergency preparedness functions. To protect CDAs from cyber-attack, licensees should first identify the CDAs among their assets according to RS-015. The identification methods are provided in another regulatory guide, RS-019. To research best practice, the U.S. was selected as the reference case. In this study, a comparative analysis between the R.O.K. and the U.S. was conducted, focused especially on the EP CDA identification methodology because the regulatory basis is relatively insufficient in the R.O.K., and improvement plans for the cyber security regulations in the R.O.K. were proposed. The analysis identified that detailed methods to identify EP functions are provided in NEI 10-04, “Identifying Systems and Assets Subject to the Cyber Security Rule”, published by the Nuclear Energy Institute (NEI), an institute of nuclear power reactor licensees. It also identified that the definition of the EP function is clearly provided in NEI 10-04, based on the related regulation, 10 CFR 50.47 “Emergency Plans”. Under that regulation, licensees shall follow and maintain the effectiveness of an emergency plan that meets the sixteen planning standards of 10 CFR 50.47(b). These sixteen planning standards therefore correspond to the emergency preparedness functions. In NEI 10-04, scoping considerations for the emergency preparedness function are provided with reference to the sixteen planning standards.
Moreover, those scoping considerations provide the planning standards, the planning standard functions, and the 10 CFR 73.54 “Protection of digital computer and communication systems and networks” scoping guidance, so licensees can conveniently identify EP CDAs among their assets. In the case of the R.O.K., because these sixteen planning standards are not established, there is ambiguity in identifying EP CDAs. The only related provision is the “Detailed Standards for Establishment of Emergency Plan”. To resolve the ambiguity, the sixteen planning standards in 10 CFR 50.47(b) and the “Detailed Standards for Establishment of Emergency Plan” need to be analyzed. Then, ‘scoping considerations for emergency preparedness function’ should be developed based on that analysis, as provided in NEI 10-04.

Author
  • In-hyo Lee (Korea Institute of Nuclear Nonproliferation and Control (KINAC)), corresponding author