1 Announcement of a new IAEA Co-ordinated Research Programme (CRP) 1. Title of Co-ordinated Research Programme Design and engineering aspects of the robustness of digital instrumentation and control (I&C) systems in nuclear power plants (NPPs) against malicious acts (tentative title). 2. Brief Summary This document presents a proposal for a CRP on the evaluation, comparison, and improvements of the characteristics of various digital I&C system designs used in NPPs, in terms of their robustness to cyberattacks, or in general, to any internal or external malicious acts. Cybersecurity is currently the object of much attention, in a large part due to the pervasiveness and critical roles of digital systems in modern societies. Similarly, digital I&C systems and equipment play an increasing role in NPPs, either through initial design or through I&C modernizations and upgrades. Malicious attacks on these systems could have serious effects on plant safety, which in turn could lead to severe, unacceptable, societal consequences. Also, particularly in countries where nuclear power represents a significant part of electricity production, NPPs availability and performance can be of vital economic and societal interest. In addition, vulnerability of NPP systems to malicious attacks could undermine the public acceptance of nuclear power. This proposal identifies, and plans to complete, the research, evaluation, comparison and improvements required in the fields of digital I&C systems. The technical subject of the CRP was identified by the IAEA Technical Working Group on Nuclear Power Plant Control and Instrumentation (TWG-NPPIC) as an area of high importance. Many members of the TWG-NPPIC are potential contributors and reviewers of the proposed CRP. Similarly, cyber security of nuclear installations was the subject of a recent initiative of three IAEA divisions (NSNS, NENP, NSNI) resulting in a workshop which took place in February 2011 and a large technical meeting to be held in May Background situation analysis (Rationale/Problem) 3.1 Solutions good for Information Technology (IT) systems are not always applicable to digital I&C systems in NPPs Very significant efforts have already been devoted to the general issue of cybersecurity, resulting in various approaches, methods, techniques, standards, regulatory requirements and guidelines. However, these results were mainly developed for, and applied to, general IT systems, and are not always directly applicable, and should not be applicable, to NPP digital systems, especially in systems important to safety. In particular, most of these NPP systems are, to various degrees, of importance to plant safety, availability and / or performance. Most of these systems are also real-time systems, the actions of which must be performed within strict time intervals. Examples of such actions are reactor trips, limitation actions, alarms signalling to operators. Therefore, it is absolutely essential that cybersecurity measures do not risk preventing or delaying necessary actions. This is particularly true for actions also involving human actions, like those of control-room or field operators. It is equally important that cybersecurity measures do not risk causing spurious or incorrect actions that could lead to plant trips, plant equipment damage, or worse, accident conditions. Such risks could occur if cybersecurity measures introduce additional complexity in the system design to the point where verification & validation (V&V) is less effective and there is an increased potential for failure due to unnecessary complex designs. For example, whereas encryption is a cybersecurity technique commonly used in IT Systems, it is generally avoided in I&C systems.
2 Similarly, cybersecurity measures should not add significant complexity to, or lengthen, plant and I&C systems operation and maintenance activities, such as surveillance, diagnostics, repairing and recovery from failures NPP digital I&C systems have specific cybersecurity needs Another reason why cybersecurity measures applicable to IT systems are not always appropriate to NPP digital systems is that NPP digital systems have distinct cybersecurity needs. In particular, most NPP systems put a lesser emphasis on information confidentiality (e.g. access to temperature and pressure data does not in itself lead to direct threats on the plant), and a higher emphasis on system and information integrity (e.g. prevention of unauthorised changes, preclusion of undetected modifications) and system availability. 4. Overall Objective The overall objectives of the proposed CRP is to strengthen Member States capabilities for optimization of nuclear power plants performance and service life by means of improved understanding of the related engineering and management areas of cyber security. This includes making appropriate measures against malicious acts targeting the digital I&C systems of NPPs. The objectives of the CRP are in line with, and directly support, Project Engineering support for design, operation, maintenance, and plant life management for safe long term operation under Sub-programme Integrated Support for Operating Nuclear Facilities in the Programme Cycle. 5. Specific Research Objective (Purpose) The objective of this CRP and its research approach are listed below Terminology Cybersecurity practices have been extensively developed to protect IT systems. Consequently, the associated terminology and concepts concerning this issue primarily relate to the protection of information systems during the conduct of information exchange and storage. For nuclear power plants, a primary concern is the assurance of the functionality of active control and safety systems and the integrity of real-time data upon which those systems rely. Therefore, it is necessary to ensure that the terminology within the cybersecurity discipline is appropriately translated and expanded to accommodate the unique considerations of nuclear power plants digital I&C systems. Enhancement of a context-specific glossary of cybersecurity terminology is a key unifying activity to advance the treatment of potential vulnerabilities and application of mitigation techniques Analysis of Standards, Regulatory Requirements, Guidance and Practices In addition to general security standards like ISO 17799, several standards and guides relating to cybersecurity for nuclear facilities have been recently released or are currently under development. Specifically, the IAEA is developing a draft guide for computer security at nuclear facilities. The International Electrotechnical Commission is currently generating an initial standard (IEC 62645) on security programs for computer-based systems. The U.S. Nuclear Regulatory Commission has issued guidance on cybersecurity programs at nuclear facilities in Regulatory Guide (RG) In addition, RG 1.152, Rev. 2, contains guidance on cybersecurity considerations throughout the lifecycle of digital I&C system. The Nuclear Energy Institute also provides cybersecurity guidelines for the U.S. nuclear power industry. Additional standards are being developed by ISA99 and IEC TC65 for computer security of industrial automation. An analysis of these standards and others will be conducted under this research program to capture commonalities and differences, identify gaps in guidance, and provide the basis for development of a harmonized approach.
3 5.3. Identification of Security Goals for NPP Digital I&C Systems As noted earlier, NPP digital systems have specific cybersecurity needs. Therefore, one research action of the CRP will be to specify the cybersecurity solutions and good practices for various classes of NPP digital systems and equipment. In particular, attention should be also given to support systems. One example of such systems is the configuration or programming devices, which allow operators to enter or modify systems parameters or systems programming. Other examples are engineering, monitoring and diagnostics workstations Identification of Threats to NPP Digital I&C Systems Threats may occur at various components (entry points) of a complex digital I&C system and at various stages of the digital system lifecycle, in particular during development, manufacturing, installation on site, operation, maintenance and modification. One research action of the CRP will be to identify and characterise these threats along the lifecycle Identification of Constraints Specific to NPP Digital I&C Systems Also as noted earlier, NPP digital I&C systems are submitted to specific constraints. One action of the CRP will be to systematically list these constraints and requirements, for the various classes of NPP digital I&C systems and equipment Solutions and Opportunities This CRP will assess the known protection measures against the identified threats, taking into consideration the identified constraints on digital I&C systems. It may also propose desired features and protections based on the good practices collected and analysed in the CRP. The treatment of cybersecurity in digital I&C systems at nuclear power plants can take many forms. Opportunities to prevent, mitigate, or tolerate cyber threats can arise through technological means, system design, and plant I&C architecture. The identification of approaches and options requires investigation of the cybersecurity features of current and emerging digital I&C systems at nuclear power plants as well as determination of characteristics that can be exploited to address potential threats and provide appropriate levels of protection. The selection of technology upon which to implement digital I&C systems can be informed by consideration of relative strengths and weaknesses related to susceptibility and robustness. Specifically, software-based platforms, programmable logic devices, and mixed mode (analog and digital) circuits offer different cyber-related characteristics. This research program will contribute to the systematic identification of key characteristics offered by various technological options and thus support a clear assessment of potential vulnerabilities. The research results can facilitate exploitation of a range of capabilities through design and architectural configuration to eliminate threats, mitigate risk and minimize the impact of attacks Overall Plant Security Framework These measures could (and should, when appropriate) in a large part rely on measures already taken for plant safety and security, and for system safety and dependability. In particular, physical access to digital systems cabinets is generally necessary to modify parameters or programming, and NPPs provide extensive physical access protection. Also, plant personnel that have access to critical locations are carefully screened. Also, nuclear power plants traditionally employ architectural concepts (such as independence, redundancy, defense in depth, and diversity) to support safety. These architectural considerations can be exploited to contribute to cybersecurity. For example, diversity in system design or technology usage can reduce commonalities in vulnerability among key safety or control systems. This research
4 program will investigate the impact of various architectural approaches (redundancy, diversity, voting, etc.) on achieving the goals of safety, availability and security Dependability & Safety Measures Already Applied to NPP Digital I&C Systems This research program will investigate effective approaches to ensure adequate treatment of cybersecurity considerations in design throughout the system lifecycle. Digital I&C system design generally provides for realization of functional and performance requirements with specified quality and reliability characteristics. Historically, cybersecurity has not been given significant consideration in the design of I&C systems at nuclear power plants because these systems have traditionally been invulnerable to cyberattack due to rigid (i.e., hardwired or analog) implementation, segregation (i.e., stove-piped or isolated systems), and a general absence of interactive communications (especially with external networks). However, the transition to digital technology is changing the nature of I&C systems at nuclear power plants by enabling extensive interconnection of reprogrammable functionally interdependent I&C systems. Thus, cybersecurity must be explicitly considered as part of the system design. Defensive design measures that have been developed to ensure deterministic performance and reliable functionality can be adapted to also address prevention or mitigation of cyber threats. In addition to the digital implementation itself, the design process consists of lifecycle phases in which vulnerabilities can exist, for example through compromise of design or testing tools. Thus, cybersecurity must be addressed not only through design features of the system but also through provision and protections established for the design and development process. In particular, fault avoidance, detection and tolerance approaches, and extensive independent verification & validation (V&V), sometimes based on methods and tools diverse from those used during development, could be credited in the defence against malware that could be introduced during development. Overall, considering what is already done regarding the systems that are the most important to safety, it is expected that limited changes in design and development process will be necessary. However, the same cannot be said of all systems of low safety significance and support systems, and it is likely that more effort will be necessary there. 6. Expected Research Outputs The results of this CRP are planned to be published in a Nuclear Energy Series document when the work of the CRP is completed. Due to the sensitive nature of the subject, the distribution of the report should be restricted. Constrains of confidentiality should also be placed on the developing and execution process of the CRP. 7. Expected Research Outcomes After completing the tasks under this CRP, recommendations to NPP utilities, regulatory bodies, and I&C vendors may be available. Gaps in various national and international standards, guidelines and good practice documents will be identified, to which participants can direct future research activities to improve the resistance of NPP digital I&C systems to malicious acts. Mapping and gap analysis of existing cybersecurity guidance applicable to digital I&C systems in nuclear power plants Compilation of best practices of cybersecurity for system vendors, I&C architects, utilities, regulators Comparison of methods & tools for assessing threats and effectiveness of responses to cyberthreats Comparison of various conceptual designs of digital I&C architectures in terms of their resistance to cyberattacks.
5 8. Relationship to Sub-programme Objective The expected research outputs of the proposed CRP would contribute to the objectives of Project Engineering support for design, operation, maintenance, and plant life management for safe long term operation under Sub-programme Integrated Support for Operating Nuclear Facilities in the Programme Cycle: To enhance performance and safe lifetime operation of nuclear power plants. 9. Action Plan (Activities) Description of Activity 1. Identification and Description of Programme Objectives (1) (2) (3) The technical areas for research, assessment, and comparisons, that need to be developed under the CRP, will be identified. CRP objectives, a three-year workplan, and the expected results of the CRP will be established. 2. Evaluation of Proposals and Selection of Participating Organizations The CRP will require the participation of several key organizations covering the subjects of the CRP. Research agreements will be awarded to the organizations submitting the best proposals to achieve CRP objectives. Chief Scientific Investigators (CSI) from each participating organization will be identified. 3. First Research Co-ordination Meeting (RCM) to Establish Research Activities Organizing the 1 st meeting for the CRP. Participating organizations will present their research proposals and their related experience. A work plan and draft outline of the expected CRP report on the subject will be developed. Post-meeting assignments will be given to participants. 4. Exchange of Information During the First and the Second of the CRP The IAEA Secretariat and the CSIs will arrange for the exchange of information between the meetings. During the first year of the CRP, an interim report will be drafted and circulated before the next meeting. 5. Second Research Co-ordination Meeting to Report on First Results and Write First Draft of Report on the Subject Participating organizations will present their reports on the activities and results from the first year of CRP. The interim report on the subject will be developed from the results of the activities in the first and the second year of CRP and published as a working document.
6 Description of Activity 6. Exchange of Information During the Second and the Third of the CRP (1) (2) (3) IAEA Secretariat and the CSIs will exchange information during the second and the third year of the CRP. The draft CRP report will be updated and further developed using the results and information obtained during the first and second year of the CRP. The draft report will be circulated before the next meeting. 7. Third Research Co-ordination Meeting to Evaluate Research Results Achieved in All Areas of Engineering Solutions Participating organizations will present working groups and national reports on the activities and results from the third year of the CRP. The second draft of the report on the CRP will be prepared including new information based on experience and the activities in the third year of the CRP. 8. Publish an NE-Series Report on the Results of the CRP 10. Assumptions It is assumed that limited financial resources will be available from both the IAEA and the participations organizations. It is also assumed that participating organizations commit themselves to the execution of the project for its entire duration. Specific assumptions are mentioned in Section 13. Equally important is the consensus between NENP, NSNI, and NSNS on the scope, objectives, and deliverables of the CRP. 11. Foreseen Participation It is expected that proposals for research agreements will be submitted from Member States with operating NPPs, or NPPs under construction, such as Canada, China, Finland, France, Germany, Hungary, Japan, Republic of Korea, Russian Federation, Sweden, Switzerland, Ukraine, United Kingdom, United States of America. Proposals may be received from additional Member States. Potential participating organizations could be NPP I&C vendors, nuclear utilities, regulatory bodies and their TSOs, research laboratories, and international organisations. 12. Links to Technical Cooperation (TC) Projects Outputs of the CRP can be used in related national and regional TC projects, if such projects are initiated for the cybersecurity of digital I&C systems in NPPs. This may include the use of CRP-based reports and working materials as workshop/training materials. Also, results of benchmarking or design comparisons produced under the CRP can serve as teaching tools. CRP participants are also potential lecturers and experts at future TC workshops and expert missions. The successful conclusion of the CRP may also lead to new TC projects on the subject.
7 13. Logical Framework The table below describes the Logical Framework for the CRP. Narrative summary Specific Research Objective: The objective of this CRP is to define and coordinate research to support the assessment and comparison of Existing good practices in designing, implementing, and operating digital I&C systems from the viewpoint of cybersecurity The characteristics of the ideal I&C systems resistant to cyberattacks Consistent terminology used in cybersecurity of IT systems and digital I&C systems in NPPs, in order to accommodate the unique considerations of NPP digital I&C systems. Objective verifiable indicators The R&D areas identified in the CRP workplan are progressing and the CRP draft report is updated periodically. CRP meetings are held and significant contributions are received from the CSIs. Enhancement of a contextspecific glossary of cybersecurity terminology for digital I&C systems in NPPs. Means of verification Progress reports and the CRP draft report are reviewed periodically by NENP, NSNI, and NSNS. Important assumptions Support from the CSIs home organization is provided to CRP participants. Continuous coordination occurs between CSIs and the IAEA. Coordinated work is being done between CRP meetings. Appropriate support is provided to the CRP activities by the IAEA Project Officer. Analysis of Standards, Regulatory Requirements, Guidance and Practices Identification of security goals, threats, and constraints specific to NPP digital I&C systems Expected Research Outputs: The result of this CRP will be a Nuclear Energy Series document or a TECDOC describing the results supporting the above objectives. Progress reports and RCM reports will be prepared according to the action plan. CRP draft report is updated periodically. Progress reports and RCM reports are reviewed. The CRP final report is approved by NE-DCT, NSNI, NSNS and PC. Sufficient technical potential, skills, time, and resources are available from participating organizations to conduct the research. CRP members (especially, vendors and NPP utilities) are willing to share designrelated information CRP s research areas are covered by ongoing R&D projects in participating organizations.
8 Narrative summary Objective verifiable indicators Means of verification Important assumptions Activities Formation of a team of CSIs representing NPP utilities, I&C vendors, nuclear regulators and TSOs to implement the CRP Research agreements are awarded Approval of the research agreements by NACA. NENP, NSNI, and NSNS agree on the CRP s workplan and the composition of the CSI groups. Organizing the 1 st RCM (2011) 1 st RCM held CRP Progress Report is produced and the CRP draft report is updated. Organizing the 2 nd RCM (2012) 2nd RCM held CRP Progress Report is produced Organizing the 3 rd RCM (2013) 3rd RCM held CRP Progress Report is produced Publishing the CRP Final Report as a Nuclear Energy Series Document or a TECDOC in 2013 The CRP Final Report is produced The CRP Final Report is approved and published Enough number of proposals are submitted from qualified organizations. Research areas are assigned to groups of CSIs covering all relevant areas Research is progressing and the results are being integrated into the CRP draft report. Research tasks are near completion and the CRP draft report is updated. All key CSIs contributed to the CRP draft report and the report is approved by NE-DCT, NSNI, NSNS and PC.
MDEP Generic Common Position No DICWG 02 Related to: Digital Instrumentation and Controls Working Group activities COMMON POSITION ON SOFTWARE TOOLS FOR THE DEVELOPMENT OF SOFTWARE FOR SAFETY SYSTEMS 1
IAEA 2015 INTERNATIONAL CONFERENCE ON COMPUTER SECURITY IN A NUCLEAR WORLD A NEW IEC STANDARD FOR CYBERSECURITY FOR NUCLEAR POWER PLANTS: IEC 62645 - REQUIREMENTS FOR SECURITY PROGRAMS FOR COMPUTER-BASED
1 1 1 1 1 1 1 1 0 1 0 1 0 1 NUCLEAR SECURITY SERIES NO. XX NST0 DRAFT, November 01 STEP : Submission to MS for comment COMPUTER SECURITY OF INSTRUMENTATION AND CONTROL SYSTEMS AT NUCLEAR FACILITIES DRAFT
Cyber Security Considerations in the Development of I&C Systems for Nuclear Power Plants Jung-Woon Lee, Cheol-Kwon Lee, Jae-Gu Song, and Dong-Young Lee I&C and HF Research Division, Korea Atomic Energy
http://dx.doi.org/10.5516/net.04.2012.091 AN ANALYSIS OF TECHNICAL SECURITY CONTROL REQUIREMENTS FOR DIGITAL I&C SYSTEMS IN NUCLEAR POWER PLANTS JAE-GU SONG *, JUNG-WOON LEE, GEE-YONG PARK, KEE-CHOON KWON,
IAEA-TECDOC-1328 Solutions for cost effective assessment of software based instrumentation and control systems in nuclear power plants Report prepared within the framework of the Technical Working Group
Integrating Cyber Security into Nuclear Power Plant Safety Systems Design Deanna Zhang U.S. Nuclear Regulatory Commission Document Date: 05/21/2010 Objectives To provide methods for utilizing safety features,
March 25-27, 2014 Steven A. Kunsman i-pcgrid Workshop 2015 Cyber Security for Substation Automation The Jagged Line between Utility and Vendors ABB Inc. March 26, 2015 Slide 1 Cyber Security for Substation
GENERAL DISTRIBUTION OCDE/GD(95)115 OECD SERIES ON PRINCIPLES OF GOOD LABORATORY PRACTICE AND COMPLIANCE MONITORING NUMBER 10 GLP CONSENSUS DOCUMENT THE APPLICATION OF THE PRINCIPLES OF GLP TO COMPUTERISED
The Role of Nuclear Knowledge Management A. Introduction The Agency has been a focal point for nuclear knowledge and information since its establishment in 1957. Nuclear knowledge management (NKM) came
Cyber Security Design Methodology for Nuclear Power Control & Protection Systems By Majed Al Breiki Senior Instrumentation & Control Manager (ENEC) 1. INTRODUCTION In today s world, cyber security is one
International Conference on Opportunities and Challenges for Water Cooled Reactors in the 21st Century Vienna, Austria, 27 30 October 2009 FPGA- based technology and systems for I&C of existing and advanced
TECHNICAL REPORT IEC/TR 62443-3-1 Edition 1.0 2009-07 colour inside Industrial communication networks Network and system security Part 3 1: Security technologies for industrial automation and control systems
FREQUENTLY ASKED QUESTIONS Continuous Monitoring 1. What is continuous monitoring? Continuous monitoring is one of six steps in the Risk Management Framework (RMF) described in NIST Special Publication
Cyber Security and the Canadian Nuclear Industry a Canadian Regulatory Perspective Terry Jamieson Vice-President Technical Support Branch Canadian Nuclear Safety Commission August 11, 2015 www.nuclearsafety.gc.ca
A Methodology for Safety Case Development Peter Bishop Adelard, London, UK Robin Bloomfield Adelard, London, UK 1 Introduction A safety case is a requirement in many safety standards. Explicit safety cases
Cyber Security Evaluation of the Wireless Communication for the Mobile Safeguard Systems in uclear Power Plants Sooill Lee a*, Yong Sik Kim a, Song Hae Ye a a Central Research Institute, Korea Hydro and
IAEA Services Series No. 6 ESRS guidelines for software safety reviews Reference document for the organization and conduct of Engineering Safety Review Services (ESRS) on software important to safety in
Spreading the Word on Nuclear Cyber Security Clifford Glantz, Guy Landine, Philip Craig, and Robert Bass Pacific Northwest National Laboratory (PNNL) PO Box 999; 902 Battelle Blvd Richland, WA 99352 USA
Feature Samir Malaviya, CISA, CGEIT, CSSA, works with the Global Consulting Practice-GRC practice of Tata Consultancy Services and has more than 17 years of experience in telecommunications, IT, and operation
Achieving Functional Safety with Global Resources and Market Reach 0A 0B Burner management systems Combustion controls Electric vehicle components (on-board, off board) Electrosensitive equipment Elevator
Application of FPGA-based Safety Controller for Implementation of NPPs I&C Systems Vladimir Sklyar, Technical Director Seminar FPGA-based I&C Systems in Nuclear Applications February 4, 2015, Energiforsk,
CYBER SECURITY INDUSTRY GUIDELINES Aron Sorensen, Chief Marine Technical Officer, BIMCO 1 BIMCO Founded in 1905-2,300 members in around 130 countries Membership includes shipowners, operators, managers,
Brad Schuette IT Manager City of Punta Gorda email@example.com (941) 575-3354 2015 FRWA Annual Conference Don t Wait Another Day 1 SCADA Subsystems Management Physical Connectivity Configuration Mgmt.
http://dx.doi.org/10.5516/net.04.2011.065 A CYBER SECURITY RISK ASSESSMENT FOR THE DESIGN OF I&C SYSTEMS IN NUCLEAR POWER PLANTS JAE-GU SONG, JUNG-WOON LEE *, CHEOL-KWON LEE, KEE-CHOON KWON, and DONG-YOUNG
Selecting Sensors for Safety Instrumented Systems per IEC 61511 (ISA 84.00.01 2004) Dale Perry Worldwide Pressure Marketing Manager Emerson Process Management Rosemount Division Chanhassen, MN 55317 USA
Who s next after TalkTalk? Frequently Asked Questions on Cyber Risk Fraud threat to millions of TalkTalk customers TalkTalk cyber-attack: website hit by significant breach These are just two of the many
ericsson White paper Uen 284 23-3244 January 2015 Cloud security architecture from process to deployment The Trust Engine concept and logical cloud security architecture presented in this paper provide
WHITE PAPER ON SECURITY TESTING IN TELECOM NETWORK DATE OF RELEASE: 27 th July 2012 Table of Contents 1. Introduction... 2 2. Need for securing Telecom Networks... 3 3. Security Assessment Techniques...
1 Nuclear Power Plant Electrical Power Supply System Requirements Željko Jurković, Krško NPP, firstname.lastname@example.org Abstract Various regulations and standards require from electrical power system of the
Options for Cyber Security Design Requirements for Power Reactors April 9, 2015 Scope Discuss options for including cyber security design requirements for power reactors into NRC regulations Scope does
Complex Systems Design & Management 2011 Safety and security interdependencies in complex systems and SoS: Challenges and perspectives Sara Sadvandi (Sodius) email@example.com Nicolas Chapon (C-S) firstname.lastname@example.org
U.S. NUCLEAR REGULATORY COMMISSION January 2010 REGULATORY GUIDE OFFICE OF NUCLEAR REGULATORY RESEARCH REGULATORY GUIDE 5.71 (New Regulatory Guide) CYBER SECURITY PROGRAMS FOR NUCLEAR FACILITIES A INTRODUCTION
Document ID Cyber security for substation automation products and systems 2 Cyber security for substation automation systems by ABB ABB addresses all aspects of cyber security The electric power grid has
System Aware Cyber Security Application of Dynamic System Models and State Estimation Technology to the Cyber Security of Physical Systems Barry M. Horowitz, Kate Pierce University of Virginia April, 2012
61508-3 ª IEC: 1997 1 Version 12.0 05/12/97 COMMISSION CEI ELECTROTECHNIQUE IEC INTERNATIONALE 61508-3 INTERNATIONAL ELECTROTECHNICAL COMMISSION Functional safety of electrical/electronic/ programmable
Cyber Security in a Nuclear Context Mitchell Hewes & Nick Howarth UNCLASSIFIED Who are we? Our Facilities Synchrotron Accelerators Cyclotron OPAL Lucas Heights Campus Some Considerations We have an interesting
Abstract Session 14: Functional Security in a Process Environment Kurt Forster Industrial IT Solutions Specialist, Autopro Automation Consultants In an ideal industrial production security scenario, the
IAEA Research Reactor Operations & Maintenance Support 2014 TRTR Meeting August 3rd-7th, 2014 Benson Hotel Portland Oregon By Charles R Morris Personal Nuclear History Contents 1. Introduction 2. Digital
The rocky relationship between safety and security Best practices for avoiding common cause failure and preventing cyber security attacks in Safety Systems Abstract: An industry practice reflected in the
U.S. Department of Energy Washington, D.C. NOTICE DOE N 203.1 Approved: Expires: 06-02-01 SUBJECT: SOFTWARE QUALITY ASSURANCE 1. OBJECTIVES. To define requirements and responsibilities for software quality
2 OECD RECOMMENDATION OF THE COUNCIL ON THE PROTECTION OF CRITICAL INFORMATION INFRASTRUCTURES ORGANISATION FOR ECONOMIC CO-OPERATION AND DEVELOPMENT The OECD is a unique forum where the governments of
Technical Meeting on Evaluation and Dependability Assessment of Software for Safety Instrumentation and Control Systems at Nuclear Power Plants Hosted by the Government of the Republic of Korea through
Program Program Overview Cyber/physical security and data privacy have become critical priorities for electric utilities. The evolving electric sector is increasingly dependent on information technology
Further needs in the Area of management systems Safety culture, leadership and preoperational stages of nuclear projects Human Factors in Design and Construction Regulatory Perspective Technical Meeting,
CONTINUOUS DIAGNOSTICS BEGINS WITH REDSEAL WHAT IS CDM? The continuous stream of high profile cybersecurity breaches demonstrates the need to move beyond purely periodic, compliance-based approaches to
Protect Your Assets Cyber Security Engineering Control Systems. Power Plants. Hurst Technologies Cyber Security The hackers are out there and the cyber security threats to your power plant are real. That
Development and Application of POSAFE-Q PLC Platform MyeongKyun Lee a, SeungWhan Song a, DongHwa Yun a a POSCO ICT Co. R&D center, Korea Techno-complex 126-16, 5-ka, Anam-dong, Sungbuk, Seoul, Republic
Cyber Security Implications of SIS Integration with Control Networks The LOGIIC SIS Project Standards Certification Education & Training Publishing Conferences & Exhibits Presenter Zach Tudor is a Program
U.S. Department of Energy Office of Inspector General Office of Audits and Inspections AUDIT REPORT Cybersecurity Controls Over a Major National Nuclear Security Administration Information System DOE/IG-0938
A DEVELOPMENT FRAMEWORK FOR SOFTWARE SECURITY IN NUCLEAR SAFETY SYSTEMS: INTEGRATING SECURE DEVELOPMENT AND SYSTEM SECURITY ACTIVITIES JAEKWAN PARK * and YONGSUK SUH Korea Atomic Energy Research Institute
Cyber Security nei prodotti di automazione Marco Biancardi, ABB SpA, Power System Division 11 dicembre 2013, Roma Why is it an issue? Isolated devices Point to point interfaces Proprietary networks Standard
Topic: Cybersecurity Examinations Key Takeaways: OCIE will be conducting examinations of more than 50 registered brokerdealers and registered investment advisers, focusing on areas related to cybersecurity.
Guideline Installation and commissioning Validation Operation and maintenance Modification Decommissioning Comments on this report are gratefully received by Johan Hedberg at SP Swedish National Testing
Patching Off-the-Shelf Software Used in Medical Information Systems This Paper was developed by the Joint NEMA/COCIR/JIRA Security and Privacy Committee (SPC) This Paper has been approved by: NEMA (National
INL/CON-07-13483 PREPRINT Help for the Developers of Control System Cyber Security Standards 54 th International Instrumentation Symposium Robert P. Evans May 2008 This is a preprint of a paper intended
The Next Generation of Security Leaders In an increasingly complex cyber world, there is a growing need for information security leaders who possess the breadth and depth of expertise necessary to establish
1 ISA Security Compliance Institute Internationally Accredited Conformance Scheme ISASecure certification programs are accredited as an ISO/ IEC Guide 65 conformance scheme and ISO/IEC 17025 lab operations
Defending the Internet of Things Identity at the Core of Security +1-888-690-2424 entrust.com Table of contents Introduction Page 3 Challenge: protecting & managing identity Page 4 Founders of identity
The Advantages of an Integrated Factory Acceptance Test in an ICS Environment By Jerome Farquharson, Critical Infrastructure and Compliance Practice Manager, and Alexandra Wiesehan, Cyber Security Analyst,
NIST Industrial Control System Security Activities Keith Stouffer National Institute of Standards and Technology Collaborating to Advance Control System Security NIST ICS Security Activities NIST s role
Improving regulatory practices through the OECD-NEA Stress Corrosion Cracking and Cable Ageing Project (SCAP) A. Yamamoto a, A. Huerta a, K. Gott b, T. Koshy c a Nuclear Safety Division, OECD Nuclear Energy
6 th Floor, Tower A, 1 CyberCity, Ebene, Mauritius T + 230 403 6000 F + 230 403 6060 E ReachUs@abaxservices.com INFORMATION SECURITY POLICY DOCUMENT Information Security Policy Document Page 2 of 15 Introduction
Effective Nuclear Security Regulation: The Importance of Trust Dr. Roger Howsley Executive Director Second International Regulators Conference on Nuclear Security, Madrid, Spain, May 11-13, 2016 Outline
Attachment A Identification of Risks/Cybersecurity Governance 1. For each of the following practices employed by the Firm for management of information security assets, please provide the month and year
Hitachi Review Vol. 62 (2013), No. 3 168 Nuclear Security and Incident Response Kazuhiko Tanimura Hisayuki Ito Hiroyuki Kimura OVERVIEW: Since the Great East Japan Earthquake, there has been a requirement
FOREWORD In recent years there has been a growing awareness of the potential for accidents involving radiation sources, some such accidents having had serious, even fatal, consequences. More recently still,
A New Standards Project on Avoiding Programming Language Vulnerabilities Jim Moore Liaison Representative from IEEE Computer Society to ISO/IEC JTC 1/SC 7 Liaison Representative between ISO/IEC JTC 1/SC
Factory Acceptance Testing Comments on this report are gratefully received by Johan Hedberg at SP Swedish National Testing and Research Institute mailto:email@example.com -1- Summary According to the
Safety Requirements Specification Comments on this report are gratefully received by Johan Hedberg at SP Swedish National Testing and Research Institute mailto:firstname.lastname@example.org -1- Summary Safety Requirement
Covenant University Town & Gown Seminar 2015 Information Security in Business: Issues and Solutions A Covenant University Presentation By Favour Femi-Oyewole, BSc, MSc (Computer Science), MSc (Information
Changing data needs from a life cycle perspective in the context of ISO 55000 Mr. Ed de Vroedt and Mr. Peter Hoving Affiliation: UMS Group Europe; email@example.com, +316 1026 6162 ABSTRACT This paper
Guidance for the Quality Assurance of Fire Protection Systems Prepared for: Office of Energy Research Office of Environment, Safety and Health Technical Support Prepared by: Roy F. Weston, Inc. October
Number 5.0 Policy Owner Information Security and Technology Policy Application Development Effective 01/01/2014 Last Revision 12/30/2013 Department of Innovation and Technology 5. Application Development
MODEL BASED CYBER SECURITY ANALYSIS FOR RESEARCH REACTOR PROTECTION SYSTEM JINSOO SHIN, RAHMAN KHALIL UR, GYUNYOUNG HEO Kyung Hee University, Seogyeong-daero, Giheung-gu, Gyeonggi-do, 446-701, Republic
Why SIL3? Josse Brys TUV Engineer firstname.lastname@example.org Agenda Functional Safety Good planning if specifications are not right? What is the difference between a normal safety and SIL3 loop? How do systems achieve
Solutions and IT services for The context Companies operating in the Oil-Gas & Energy sectors are facing radical changes that have a significant impact on their business processes. In this context, compliance
A Security Approach in System Development Life Cycle (1) P.Mahizharuvi, Research Scholar, Dept of MCA, Computer Center, Madurai Kamaraj University, Madurai. email@example.com (2) Dr.K.Alagarsamy,
Nuclear Safety Council Instruction number IS- 23 on in-service inspection at nuclear power plants Published in the Official State Gazette (BOE) No 283 of November 24 th 2009 Nuclear Safety Council Instruction
Whitepaper The Cyber Threat Profiler Good Intelligence is essential to efficient system protection INTRODUCTION As the world becomes more dependent on cyber connectivity, the volume of cyber attacks are
DRAFT REGULATORY GUIDE SOFTWARE IN PROTECTION AND CONTROL SYSTEMS Issued for public comments by the Atomic Energy Control Board October 1999 Atomic Energy Control Board Commission de contrôle de l énergie
Impact of Cybersecurity Innovations in Key Sectors (Technical Insights) Customized cybersecurity measures help overcome Industry specific challenges September 2014 Table of Contents Section Slide Number
Your consent to our cookies if you continue to use this website.