Licensees are required to protect critical digital assets (CDAs) in nuclear facilities against cyber-attacks, up to and including design basis threat (DBT), according to「ACT ON PHYSICAL PROTECTION AND RADIOLOGICAL EMERGENCY」. However, CDAs may be excluded from cyber security regulations at nuclear power plant decommissioning, and this may lead to severe consequences if the excluded CDAs contain sensitive information such as the number and location of nuclear fuels and information on security officers. In that case, that information could be leaked to the adversary without adequately removing the information before discarding the CDAs. It can be potentially abused to threaten nuclear facilities inducing radiological sabotage and nuclear material theft. So, controls of sensitive information are needed. This study aims to derive regulatory improvements related to discarding CDAs that have sensitive information by analyzing foreign cases such as IAEA and U.S. NRC. The sensitive information in the IAEA guide is the following: (1) details of physical protection systems and any other security measures in place for nuclear material, other radioactive material, associated facilities, and activities; (2) information relating to the quantity and form of nuclear material or other radioactive material in use or storage; (3) information relating to the quantity and form of nuclear material or other radioactive material in transport; (4) details of computer systems; (5) contingency and response plans for nuclear security events; (6) personal information; (7) threat assessments and security alerting information; (8) details of sensitive technology; (9) details of vulnerabilities or weaknesses that relate to the above topics; (10) historical information on any of the above topics. In the case of the U.S. NRC, they categorize sensitive information into three groups: (1) classified information, (2) safeguard information (SGI), (3) sensitive unclassified non-safeguards information (SUNSI). Classified information is information whose compromise would cause damage to national security or assist in manufacturing nuclear weapons. The SGI concerns the physical protection of operating power reactors, spent fuel shipments, strategic special nuclear material, or other radioactive material. Finally, SUNSI is generally not publicly available information such as personnel privacy, attorney-client privilege, and a confidential source. IAEA recommends protecting the above sensitive information in accordance with NSS No.23-G (Security of Nuclear Information), and NRC protects classified information, SGI, and SUNSI under relative laws. In the case of ROK, if security control measures are enhanced CDAs that possess sensitive information, the risk of information leakage will be decreased when those CDAs are discarded.

공학적 안전설비 공기정화계통의 규제지침인 Reg. Guide 1.52(Rev.3)의 변경사항중 성능시험과 관련 한 운전가능성 시험시간 단축, HEPA 필터 현장누설시험용 시험물질 변경 및 활성탄 성능시험 Methyl Iodidie 투과허용율 상향 변경을 영광 5,6호기에 적용하고자, 모사실험장치와 현장 설비를 활용하여 기술 적 타당성을 확인하는 실험을 수행하였다. 10시간 이상의 장시간 운전가능성 시험을 통해 계통내 습분을 제거하여도 시험후 1∼4일만에 회복됨을 확인하여 운전가능성 시험은 기기적 운전가능성 점검에 적합한 매월 15분 이상의 시험을 수행하는 것이 타당함을 확인하였다. HEPA 필터 현장누설시험용 시험물질 변 경을 위해 DOP와 PAO의 에어로졸 입자크기, 발생량, 누설인지도를 비교한 결과 PAO는 원전에서도 DOP 대체시험물질로 사용 가능함을 확인하였다. 베드깊이 4 인치 이상의 활성탄여과기에 대한 Methyl Iodide의 투과율 허용치가 0.175 %에서 0.5 %로 상향 변경된 것은, ASTM D3803(1989)으로의 활성탄 성 능시험 방법 변경에 따른 것으로서, 30 ℃ 상대습도 95 %에서의 Methyl Iodide 투과허용율 0.5 %가 사용 중 활성탄의 성능을 시험하기에 충분히 보수적인 시험방법임을 확인하였다. 본 실험 결과를 바탕으로 영 광 5,6호기는 인허가변경을 완료하였다.