The guidelines for cyber security regulations at domestic and foreign nuclear facilities, such as KINAC/RS-015, NRC’s RG5.71 and NEI 13-10, require the establishment of security measures to maintain the integrity of critical digital assets (CDAs) and protect them as threats to the supply process. According to the requirements, cyber security requirements shall be reflected in purchase requirements from the time of introduction of CDAs, and it shall also be verified whether cyber security security measures were properly applied before introduction. Domestic licensees apply measures to control the supply chain in the nuclear safety sector to cyber security policies. The safety sector supply chain control policy has areas that functionally overlap with the requirements of cyber security regulations, so regulatory guidelines in the safety sector can be applied. However, since most of the emergency preparedness and physical protection functions introduce digital commercial products, there is a limit to applying the control of the supply chain in the safety field as it is. It is necessary to apply supply chain control operator policies, procedures, and purchase requirements for each SSEP function, or to establish cyber security integrated supply chain control requirements. In this paper, based on the licensee’s current supply chain control policy, the cyber security regulation plan for supply chain control according to the SSEP (Safety-Security-Emergency Preparedness) function of CDAs is considered.

In this study, AHP analysis was conducted through a survey that was organized by 9 job categories. The results show that sustainable operation risks have the highest priority level among all criteria with management interest having the highest priority level within sustainable operation risks related attributes. The most important risk attributes among stakeholder risks appeared to be asset security and cargo and conveyance security, with education and training being the most important among regulatory risks. Effective management and response to the risks from export controls on strategic trade require an understanding of supply chain security and compliance programs, effective training programs, investments for development of security systems that meet international standards. In addition, the government needs to focus on developing professionals and providing support for companies with compliance programs, working closely with businesses.