논문 상세보기
A Study on I&C System Decision Process for Cyber Security Test
Because a cyber-attack on industrial control system (ICS) and/or critical infrastructure such as NPPs is evolving, it is necessary to develop a cyber security regulation technology corresponding to the attack technology. Nevertheless, it is almost impossible to test actual I&C systems in NPPs for evaluating cyber security against new vulnerabilities or attack vectors. So, a testing environment is needed to conduct penetration tests and evaluate the overall cyber security of NPPs. For that purpose, KINAC is developing a cyber security test bed and has plans to apply the insight from the test bed to cyber security regulation in NPPs. Conceptually, the test bed is divided into two parts, H/W parts and S/W parts. The S/W part is mainly composed of a NPPs simulator, especially APR 1400 simulator model. Originally, the I&C systems are implemented by computer codes in the simulator model, however, parts of I&C systems in the simulator are implemented by H/W in the test bed. Then, these actual H/W-based I&C systems are wired to the simulator. Because the cyber security test only can be carried out on real I&C systems (H/W-based I&C systems), it is important to decide on the scoping of HIL in the simulator. In this decision process, the purpose of testing should be considered a priority. The decision process of scoping HIL in the simulator in line with the test purpose is discussed in this paper. For example, if the test purpose is to evaluate the consequences of NPPs induced by cyber-attacks, safety analysis results may be utilized in the decision process. Especially, if the consequences are fuel integrity in NPPs, level 1 PSA results may be used to decide the HIL scope. In that case, most of the I&C systems are safety-grade I&C systems. The number of safety-grade I&C systems is still too much so, more analysis should be accomplished to narrow down the numbers. To derive the most mitigation measures by comparing the mitigation measures in each initiating event may be one example of narrowing down the number of I&C systems. From these processes, the scope of HIL in the simulator corresponds to the test purpose may be decided.
