The licensee of nuclear facilities in the Republic of Korea should ensure the functionality of Critical Digital Assets (CDAs) is maintained and minimize the negative impact of cyber-attacks by establishing a cyber security contingency plan. The contingency plan should include detailed response guidelines for each stage of detection, analysis, isolation, eradication, and recovery and comply with the requirements specified in KINAC’s “Regulatory Standard 015 - Security for Computer and Information System of Nuclear Facilities”. However, since the cyber security contingency plan describes the overall response guidelines for CDA, it may be difficult to respond practically to cyberattacks. This paper suggests a method to address this issue by performing exercises based on the classification of CDA types. CDAs in nuclear facilities can be classified according to their characteristics. The criteria for classifying CDA types include whether the asset is a PC, whether communication ports (RS-232, 422, 485) exist, whether storage devices can be connected through USB/memory card ports and whether internal settings can be changed through HMI devices such as built-in buttons. By classifying CDA types based on the proposed criteria, the attack vectors of CDAs can be defined. By defining the attack vectors, a list of cyber-attacks that CDAs may face can be created, and abnormal symptoms of CDAs resulting from the listed cyber-attacks can be defined. By using the defined abnormal symptoms of CDAs, the response measures of detection, analysis, isolation, eradication, and recovery can be concretized and reflected in the contingency plan. This may enable a more practical emergency response. This paper presents an improvement to the cyber security emergency response plan through the definition of cyber-attacks based on the classification of CDA types. By improving the contingency plan for CDAs as a whole using the proposed method, it is expected that more effective response measures can be taken in the event of a cyber-attack.
According to the “Law on protection and response measures for nuclear facilities and radiation”, Nuclear Power Plant (NPP) licensees should conduct periodic exercises based on hypothetical cyberattack scenarios, and there is a need to select significant and probable ones in a systematic manner. Since cyber-attacks are carried out intentionally, it is difficult to statistically specify the sequences, and it is not easy to systematically establish exercise scenarios because existing engineering safety facilities can be forcibly disabled. To deal with the above situation, this paper suggests a procedure using the Probabilistic Safety Assessment (PSA) model to develop a cybersecurity exercise scenario. The process for creating cyber security exercise scenarios consists of (i) selecting cyber-attack-causing initiating events, (ii) identifying digital systems, (iii) assigning cyber-attack vectors to a digital system, (iv) determining and adding type for operator’s response, (v) modifying a baseline PSA model, and (vi) extracting top-ranked minimal cut sets, and (vii) selecting a representative scenario. This procedure is described in detail through a case study, an expected cyber-attack scenario General Transient-Anticipated Transient Without Scram (GTRN-ATWS). It refers to an accident scenario for ATWS induced by GTRN. Since ATWS is targeted for cyber training in some NPPs, and GTRN is one of the most common accidents occurring in NPPs, GTRN-ATWS was chosen as an example. As for the cyber-attack vector, portable media and mobile devices were selected as examples based on expert judgment. In this paper, only brief examples of GTRN-ATWS events have been presented, but future studies will be conducted on an analysis of all initiating events in which cyber-attacks can occur.
Nuclear power plants (NPPs) are designed in consideration of redundancy, diversity, and independence to prevent leakage of radioactive materials from safety of view, and a contingency plan is established in case of DBA (Design Basis Accident) occurrence. In addition, NPPs have established contingency plans for physical attacks, including terrorist intrusions and bomb attacks. However, the level of contingency plan caused by cyberattacks is quite insufficient compared to the contingency plan in terms of safety and physical protection. The purpose of this paper is to present the problems of cyberattack contingency plan and methods to supplement it. The first problem with cyberattack contingency plan is that the initiating event for implementing the contingency plan is undecided. In terms of safety, the DBA is identified as an initial event, and each contingency plan is based on the initial events specified in the DBA such as Loss of Coolant Accident and Loss of Offsite Power. In terms of physical protection, each has a contingency plan by identifying bomb attacks and terrorist intrusions in Protected Area and Vital Area as initial events. On the other hand, in the contingency plan related to a cyberattack, an initial event caused by a cyberattack is not identified. For this, it is necessary to classify the attack results that may occur when the CDA is compromised based on the attack technique described in Design Basis Threat. Based on this, an initiating event should be selected and a contingency plan according to each initiating event should be established. The second problem is that there is no responsibility matrix according to the occurrence of the initiating event. From a safety point of view, when a DBA occurs, the organization’s mission according to each initial event is described in the contingency plan, and related countermeasures are defined in case of an accident through Emergency Operation Procedure. In the case of physical protection, referring to IAEA’s Regulatory Guide 5.54, the organization’s responsibility is defined in matrix form when an initial event such as a bomb attack occurs. In this way, the responsibility matrix to be carried out in case of initiating events based on the defined initial event should be described in the contingency plan. In this paper, the problems of the cyberattack contingency plan are presented, and for this purpose, the definition of the initial event and the need for a responsibility matrix when the initial event occurs are presented.
Purpose: Researchers have shown that aesthetic judgments of artworks depend on contexts, such as the authenticity of an artwork (Newman & Bloom, 2011) and an artwork’s location of display (Kirk et al., 2009; Silveira et al., 2015). The present study aims to examine whether contextual information related to the creator, such as whether an artwork was created by a human or artificial intelligence (AI), influences viewers’ preference judgments of an artwork. Methods: Images of Impressionist landscape paintings were selected as human-made artworks. AI-made artwork stimuli were created using Google’s Deep Dream Generator by mimicking the Impressionist style via deep learning algorithms. Participants performed a preference rating task on each of the 108 artwork stimuli accompanied by one of the two creator labels. After this task, an art experience questionnaire (AEQ) was given to participants to examine whether individual differences in art experience influence their preference judgments. Results: Setting AEQ scores as a covariate in a two-way ANCOVA analysis, the stimuli with the human-made context were preferred over the stimuli with the AI-made context. Regarding the types of stimuli, the viewers preferred AI-made stimuli to human-made stimuli. There was no interaction effect between the two factors. Conclusion: These results suggest that preferences for visual artworks are influenced by the contextual information of the creator when the individual differences in art experience are controlled.
KINAC (Korea Institute of Nuclear Non-proliferation and Control) is entrusted with the NSSC (Nuclear Safety And Security Commission) to conduct threat assessments for nuclear facilities. As part of the threat assessment, DBT (Design Basis Threat) must be established every three years, and a threat assessment report must be developed for DBT establishment. This paper suggests a method for collecting and analyzing cyber threat information for the development of a cyber security threat assessment report. Recently, cyber threats not only in the IT (Information Technology) field but also in the ICS (Industrial Control System) field are rapidly increasing. As cyber threats increase, threat information including related attack techniques is also increasing. Although KINAC is conducting a threat assessment on cyber security at nuclear facilities, it cannot collect and analyze all cyber threat information. Therefore, it is necessary to determine a reliable source of threat information for threat assessment, and establish a strategy for collecting and analyzing threat information for DBT establishment. The first method for collecting and analyzing threat information is to first collect threat information on industrial fields with high similarity to nuclear facilities. Most of the disclosed cyber threat information is in the IT field, and most of this information is not suitable for closed-network nuclear facilities. Therefore, it is necessary to first collect and analyze threat information on facilities that use networks similar to nuclear facilities such as energy and financial sector. The second method is to analyze the attack technique for the collected threat information. The biggest factor in DBT reset is whether there is a new threat and how much it has increased compared to the existing threat. Therefore, it is necessary to analyze which attack technique was used in the collected threat information, and as part of the analysis, a cyber attack analysis model such as a kill chain can be used. The last method is to collect and manage the disclosed vulnerability information. In order to manage vulnerabilities, it is necessary to analyze what assets are in the nuclear facility first. By matching the reported vulnerability with the CDA (Critical Digital Asset) in the facility, it is possible to analyze whether the CDA can be affected by a cyber attack.As cyber threats continue to increase, it is necessary to analyze threat cases of similar facilities, attack techniques using attack models, and vulnerability analysis through asset identification in order to develop a threat assessments report.
In accordance with the Enforcement Decree of the Act on Physical Protection and Radiological Emergency, operators of Nuclear Power Plants (NPP)s must conduct full cyber security exercise once a year and partial exercise at least once every half year. Nuclear operators need to conduct exercise on systems with high attack attractiveness in order to respond to the unauthorized removal of nuclear or other radioactive material and sabotage of nuclear facilities. Nuclear facilities identify digital assets that perform SSEP (Safety, Security, and Emergency Preparedness) functions as CDA (Critical Digital Assets), and nuclear operators select exercise target systems from the CDA list and perform the exercise. However, digital assets that have an indirect impact (providing access, support, and protection) from cyber attacks are also identified as CDAs, and these CDAs are relatively less attractive to attack. Therefore, guidelines are needed to select the exercise target system in the case of unauthorized removal of nuclear or other radioactive material and sabotage response exercise. In the case of unauthorized removal of nuclear or other radioactive material, these situations cannot occur with cyber attacks and external factors such as terrorists must be taken into consideration. Therefore, it is necessary to identify the list of CDAs that terrorists can use for cyber attacks among CDAs located in the path of stealing and transporting nuclear material and conduct intensive exercise on these CDAs. A typical example is a security system that can delay detection when terrorists attack facilities. In the case of sabotage exercise, a safety-related system that causes an initiating event by a cyber attack or failure to mitigate an accident in a DBA (Design Basis Accident) situation should be selected as an exercise target. It is difficult for sabotage to occur through a single cyber attack because a nuclear facility has several safety concepts such as redundancy, diversity. Therefore, it can be considered to select an exercise target system under the premise of not only a cyber attack but also a physical attack. In the case of NPPs, it is assumed that LOOP (Loss of Offsite Power) has occurred, and CDA relationships to accident mitigation can be selected as an exercise target. Through exercise on the CDA, which is more associated with unauthorized removal of nuclear or other radioactive material and sabotage of nuclear facilities, it is expected to review the continuity plan and check systematic response capabilities in emergencies caused by cyber attacks.