The Republic of Korea is implementing safeguards for domestic nuclear facilities through cooperation with the IAEA. But it is not to evaluate the material balance for the material unaccounted for, MUF in the bulk handling facility. Although the development of a material balance evaluation program is underway, there are no related regulations. The State Regulatory Authority, SRA is performing material balance evaluation, MBE on the facility based on the design information and material balance results of the facility. However, it is not possible to directly derive measurement uncertainty for the facility’s measurement equipment, which is an important variable of MBE. To solve this problem, it is trying to derive a method suitable for the domestic environment by investigating the some measurement uncertainty estimation methods and analyzing characteristics of them. In this study, the traditional measurement uncertainty estimation method, GUM method and GUM-S1 method were studied and the advantages and disadvantages were analyzed. Due to the problems mentioned above, the uncertainty quantification technique currently being used cannot be applied to the evaluation of the domestic material balance. Therefore, we are tying to apply them to the evaluation the domestic material balance through the above three methods or a combination of them appropriately. Through this continuing study, it is expected that it will be possible to present a plan to derive measurement uncertainty optimized for the domestic MBE environment.

Because a cyber-attack on industrial control system (ICS) and/or critical infrastructure such as NPPs is evolving, it is necessary to develop a cyber security regulation technology corresponding to the attack technology. Nevertheless, it is almost impossible to test actual I&C systems in NPPs for evaluating cyber security against new vulnerabilities or attack vectors. So, a testing environment is needed to conduct penetration tests and evaluate the overall cyber security of NPPs. For that purpose, KINAC is developing a cyber security test bed and has plans to apply the insight from the test bed to cyber security regulation in NPPs. Conceptually, the test bed is divided into two parts, H/W parts and S/W parts. The S/W part is mainly composed of a NPPs simulator, especially APR 1400 simulator model. Originally, the I&C systems are implemented by computer codes in the simulator model, however, parts of I&C systems in the simulator are implemented by H/W in the test bed. Then, these actual H/W-based I&C systems are wired to the simulator. Because the cyber security test only can be carried out on real I&C systems (H/W-based I&C systems), it is important to decide on the scoping of HIL in the simulator. In this decision process, the purpose of testing should be considered a priority. The decision process of scoping HIL in the simulator in line with the test purpose is discussed in this paper. For example, if the test purpose is to evaluate the consequences of NPPs induced by cyber-attacks, safety analysis results may be utilized in the decision process. Especially, if the consequences are fuel integrity in NPPs, level 1 PSA results may be used to decide the HIL scope. In that case, most of the I&C systems are safety-grade I&C systems. The number of safety-grade I&C systems is still too much so, more analysis should be accomplished to narrow down the numbers. To derive the most mitigation measures by comparing the mitigation measures in each initiating event may be one example of narrowing down the number of I&C systems. From these processes, the scope of HIL in the simulator corresponds to the test purpose may be decided.

The guidelines for cyber security regulations at domestic and foreign nuclear facilities, such as KINAC/RS-015, NRC’s RG5.71 and NEI 13-10, require the establishment of security measures to maintain the integrity of critical digital assets (CDAs) and protect them as threats to the supply process. According to the requirements, cyber security requirements shall be reflected in purchase requirements from the time of introduction of CDAs, and it shall also be verified whether cyber security security measures were properly applied before introduction. Domestic licensees apply measures to control the supply chain in the nuclear safety sector to cyber security policies. The safety sector supply chain control policy has areas that functionally overlap with the requirements of cyber security regulations, so regulatory guidelines in the safety sector can be applied. However, since most of the emergency preparedness and physical protection functions introduce digital commercial products, there is a limit to applying the control of the supply chain in the safety field as it is. It is necessary to apply supply chain control operator policies, procedures, and purchase requirements for each SSEP function, or to establish cyber security integrated supply chain control requirements. In this paper, based on the licensee’s current supply chain control policy, the cyber security regulation plan for supply chain control according to the SSEP (Safety-Security-Emergency Preparedness) function of CDAs is considered.