Announcement of a new IAEA Co-ordinated Research Programme (CRP)

Size: px
Start display at page:

Download "Announcement of a new IAEA Co-ordinated Research Programme (CRP)"

Transcription

1 Announcement of a new IAEA Co-ordinated Research Programme (CRP) 1. Title of Co-ordinated Research Programme Design and engineering aspects of the robustness of digital instrumentation and control (I&C) systems in nuclear power plants (NPPs) against malicious acts (tentative title). 2. Brief Summary This document presents a proposal for a CRP on the evaluation, comparison, and improvements of the characteristics of various digital I&C system designs used in NPPs, in terms of their robustness to cyberattacks, or in general, to any internal or external malicious acts. Cybersecurity is currently the object of much attention, in a large part due to the pervasiveness and critical roles of digital systems in modern societies. Similarly, digital I&C systems and equipment play an increasing role in NPPs, either through initial design or through I&C modernizations and upgrades. Malicious attacks on these systems could have serious effects on plant safety, which in turn could lead to severe, unacceptable, societal consequences. Also, particularly in countries where nuclear power represents a significant part of electricity production, NPPs availability and performance can be of vital economic and societal interest. In addition, vulnerability of NPP systems to malicious attacks could undermine the public acceptance of nuclear power. This proposal identifies, and plans to complete, the research, evaluation, comparison and improvements required in the fields of digital I&C systems. The technical subject of the CRP was identified by the IAEA Technical Working Group on Nuclear Power Plant Control and Instrumentation (TWG-NPPIC) as an area of high importance. Many members of the TWG-NPPIC are potential contributors and reviewers of the proposed CRP. Similarly, cyber security of nuclear installations was the subject of a recent initiative of three IAEA divisions (NSNS, NENP, NSNI) resulting in a workshop which took place in February 2011 and a large technical meeting to be held in May Background situation analysis (Rationale/Problem) 3.1 Solutions good for Information Technology (IT) systems are not always applicable to digital I&C systems in NPPs Very significant efforts have already been devoted to the general issue of cybersecurity, resulting in various approaches, methods, techniques, standards, regulatory requirements and guidelines. However, these results were mainly developed for, and applied to, general IT systems, and are not always directly applicable, and should not be applicable, to NPP digital systems, especially in systems important to safety. In particular, most of these NPP systems are, to various degrees, of importance to plant safety, availability and / or performance. Most of these systems are also real-time systems, the actions of which must be performed within strict time intervals. Examples of such actions are reactor trips, limitation actions, alarms signalling to operators. Therefore, it is absolutely essential that cybersecurity measures do not risk preventing or delaying necessary actions. This is particularly true for actions also involving human actions, like those of control-room or field operators. It is equally important that cybersecurity measures do not risk causing spurious or incorrect actions that could lead to plant trips, plant equipment damage, or worse, accident conditions. Such risks could occur if cybersecurity measures introduce additional complexity in the system design to the point where verification & validation (V&V) is less effective and there is an increased potential for failure due to unnecessary complex designs. For example, whereas encryption is a cybersecurity technique commonly used in IT Systems, it is generally avoided in I&C systems.

2 Similarly, cybersecurity measures should not add significant complexity to, or lengthen, plant and I&C systems operation and maintenance activities, such as surveillance, diagnostics, repairing and recovery from failures NPP digital I&C systems have specific cybersecurity needs Another reason why cybersecurity measures applicable to IT systems are not always appropriate to NPP digital systems is that NPP digital systems have distinct cybersecurity needs. In particular, most NPP systems put a lesser emphasis on information confidentiality (e.g. access to temperature and pressure data does not in itself lead to direct threats on the plant), and a higher emphasis on system and information integrity (e.g. prevention of unauthorised changes, preclusion of undetected modifications) and system availability. 4. Overall Objective The overall objectives of the proposed CRP is to strengthen Member States capabilities for optimization of nuclear power plants performance and service life by means of improved understanding of the related engineering and management areas of cyber security. This includes making appropriate measures against malicious acts targeting the digital I&C systems of NPPs. The objectives of the CRP are in line with, and directly support, Project Engineering support for design, operation, maintenance, and plant life management for safe long term operation under Sub-programme Integrated Support for Operating Nuclear Facilities in the Programme Cycle. 5. Specific Research Objective (Purpose) The objective of this CRP and its research approach are listed below Terminology Cybersecurity practices have been extensively developed to protect IT systems. Consequently, the associated terminology and concepts concerning this issue primarily relate to the protection of information systems during the conduct of information exchange and storage. For nuclear power plants, a primary concern is the assurance of the functionality of active control and safety systems and the integrity of real-time data upon which those systems rely. Therefore, it is necessary to ensure that the terminology within the cybersecurity discipline is appropriately translated and expanded to accommodate the unique considerations of nuclear power plants digital I&C systems. Enhancement of a context-specific glossary of cybersecurity terminology is a key unifying activity to advance the treatment of potential vulnerabilities and application of mitigation techniques Analysis of Standards, Regulatory Requirements, Guidance and Practices In addition to general security standards like ISO 17799, several standards and guides relating to cybersecurity for nuclear facilities have been recently released or are currently under development. Specifically, the IAEA is developing a draft guide for computer security at nuclear facilities. The International Electrotechnical Commission is currently generating an initial standard (IEC 62645) on security programs for computer-based systems. The U.S. Nuclear Regulatory Commission has issued guidance on cybersecurity programs at nuclear facilities in Regulatory Guide (RG) In addition, RG 1.152, Rev. 2, contains guidance on cybersecurity considerations throughout the lifecycle of digital I&C system. The Nuclear Energy Institute also provides cybersecurity guidelines for the U.S. nuclear power industry. Additional standards are being developed by ISA99 and IEC TC65 for computer security of industrial automation. An analysis of these standards and others will be conducted under this research program to capture commonalities and differences, identify gaps in guidance, and provide the basis for development of a harmonized approach.

3 5.3. Identification of Security Goals for NPP Digital I&C Systems As noted earlier, NPP digital systems have specific cybersecurity needs. Therefore, one research action of the CRP will be to specify the cybersecurity solutions and good practices for various classes of NPP digital systems and equipment. In particular, attention should be also given to support systems. One example of such systems is the configuration or programming devices, which allow operators to enter or modify systems parameters or systems programming. Other examples are engineering, monitoring and diagnostics workstations Identification of Threats to NPP Digital I&C Systems Threats may occur at various components (entry points) of a complex digital I&C system and at various stages of the digital system lifecycle, in particular during development, manufacturing, installation on site, operation, maintenance and modification. One research action of the CRP will be to identify and characterise these threats along the lifecycle Identification of Constraints Specific to NPP Digital I&C Systems Also as noted earlier, NPP digital I&C systems are submitted to specific constraints. One action of the CRP will be to systematically list these constraints and requirements, for the various classes of NPP digital I&C systems and equipment Solutions and Opportunities This CRP will assess the known protection measures against the identified threats, taking into consideration the identified constraints on digital I&C systems. It may also propose desired features and protections based on the good practices collected and analysed in the CRP. The treatment of cybersecurity in digital I&C systems at nuclear power plants can take many forms. Opportunities to prevent, mitigate, or tolerate cyber threats can arise through technological means, system design, and plant I&C architecture. The identification of approaches and options requires investigation of the cybersecurity features of current and emerging digital I&C systems at nuclear power plants as well as determination of characteristics that can be exploited to address potential threats and provide appropriate levels of protection. The selection of technology upon which to implement digital I&C systems can be informed by consideration of relative strengths and weaknesses related to susceptibility and robustness. Specifically, software-based platforms, programmable logic devices, and mixed mode (analog and digital) circuits offer different cyber-related characteristics. This research program will contribute to the systematic identification of key characteristics offered by various technological options and thus support a clear assessment of potential vulnerabilities. The research results can facilitate exploitation of a range of capabilities through design and architectural configuration to eliminate threats, mitigate risk and minimize the impact of attacks Overall Plant Security Framework These measures could (and should, when appropriate) in a large part rely on measures already taken for plant safety and security, and for system safety and dependability. In particular, physical access to digital systems cabinets is generally necessary to modify parameters or programming, and NPPs provide extensive physical access protection. Also, plant personnel that have access to critical locations are carefully screened. Also, nuclear power plants traditionally employ architectural concepts (such as independence, redundancy, defense in depth, and diversity) to support safety. These architectural considerations can be exploited to contribute to cybersecurity. For example, diversity in system design or technology usage can reduce commonalities in vulnerability among key safety or control systems. This research

4 program will investigate the impact of various architectural approaches (redundancy, diversity, voting, etc.) on achieving the goals of safety, availability and security Dependability & Safety Measures Already Applied to NPP Digital I&C Systems This research program will investigate effective approaches to ensure adequate treatment of cybersecurity considerations in design throughout the system lifecycle. Digital I&C system design generally provides for realization of functional and performance requirements with specified quality and reliability characteristics. Historically, cybersecurity has not been given significant consideration in the design of I&C systems at nuclear power plants because these systems have traditionally been invulnerable to cyberattack due to rigid (i.e., hardwired or analog) implementation, segregation (i.e., stove-piped or isolated systems), and a general absence of interactive communications (especially with external networks). However, the transition to digital technology is changing the nature of I&C systems at nuclear power plants by enabling extensive interconnection of reprogrammable functionally interdependent I&C systems. Thus, cybersecurity must be explicitly considered as part of the system design. Defensive design measures that have been developed to ensure deterministic performance and reliable functionality can be adapted to also address prevention or mitigation of cyber threats. In addition to the digital implementation itself, the design process consists of lifecycle phases in which vulnerabilities can exist, for example through compromise of design or testing tools. Thus, cybersecurity must be addressed not only through design features of the system but also through provision and protections established for the design and development process. In particular, fault avoidance, detection and tolerance approaches, and extensive independent verification & validation (V&V), sometimes based on methods and tools diverse from those used during development, could be credited in the defence against malware that could be introduced during development. Overall, considering what is already done regarding the systems that are the most important to safety, it is expected that limited changes in design and development process will be necessary. However, the same cannot be said of all systems of low safety significance and support systems, and it is likely that more effort will be necessary there. 6. Expected Research Outputs The results of this CRP are planned to be published in a Nuclear Energy Series document when the work of the CRP is completed. Due to the sensitive nature of the subject, the distribution of the report should be restricted. Constrains of confidentiality should also be placed on the developing and execution process of the CRP. 7. Expected Research Outcomes After completing the tasks under this CRP, recommendations to NPP utilities, regulatory bodies, and I&C vendors may be available. Gaps in various national and international standards, guidelines and good practice documents will be identified, to which participants can direct future research activities to improve the resistance of NPP digital I&C systems to malicious acts. Mapping and gap analysis of existing cybersecurity guidance applicable to digital I&C systems in nuclear power plants Compilation of best practices of cybersecurity for system vendors, I&C architects, utilities, regulators Comparison of methods & tools for assessing threats and effectiveness of responses to cyberthreats Comparison of various conceptual designs of digital I&C architectures in terms of their resistance to cyberattacks.

5 8. Relationship to Sub-programme Objective The expected research outputs of the proposed CRP would contribute to the objectives of Project Engineering support for design, operation, maintenance, and plant life management for safe long term operation under Sub-programme Integrated Support for Operating Nuclear Facilities in the Programme Cycle: To enhance performance and safe lifetime operation of nuclear power plants. 9. Action Plan (Activities) Description of Activity 1. Identification and Description of Programme Objectives (1) (2) (3) The technical areas for research, assessment, and comparisons, that need to be developed under the CRP, will be identified. CRP objectives, a three-year workplan, and the expected results of the CRP will be established. 2. Evaluation of Proposals and Selection of Participating Organizations The CRP will require the participation of several key organizations covering the subjects of the CRP. Research agreements will be awarded to the organizations submitting the best proposals to achieve CRP objectives. Chief Scientific Investigators (CSI) from each participating organization will be identified. 3. First Research Co-ordination Meeting (RCM) to Establish Research Activities Organizing the 1 st meeting for the CRP. Participating organizations will present their research proposals and their related experience. A work plan and draft outline of the expected CRP report on the subject will be developed. Post-meeting assignments will be given to participants. 4. Exchange of Information During the First and the Second of the CRP The IAEA Secretariat and the CSIs will arrange for the exchange of information between the meetings. During the first year of the CRP, an interim report will be drafted and circulated before the next meeting. 5. Second Research Co-ordination Meeting to Report on First Results and Write First Draft of Report on the Subject Participating organizations will present their reports on the activities and results from the first year of CRP. The interim report on the subject will be developed from the results of the activities in the first and the second year of CRP and published as a working document.

6 Description of Activity 6. Exchange of Information During the Second and the Third of the CRP (1) (2) (3) IAEA Secretariat and the CSIs will exchange information during the second and the third year of the CRP. The draft CRP report will be updated and further developed using the results and information obtained during the first and second year of the CRP. The draft report will be circulated before the next meeting. 7. Third Research Co-ordination Meeting to Evaluate Research Results Achieved in All Areas of Engineering Solutions Participating organizations will present working groups and national reports on the activities and results from the third year of the CRP. The second draft of the report on the CRP will be prepared including new information based on experience and the activities in the third year of the CRP. 8. Publish an NE-Series Report on the Results of the CRP 10. Assumptions It is assumed that limited financial resources will be available from both the IAEA and the participations organizations. It is also assumed that participating organizations commit themselves to the execution of the project for its entire duration. Specific assumptions are mentioned in Section 13. Equally important is the consensus between NENP, NSNI, and NSNS on the scope, objectives, and deliverables of the CRP. 11. Foreseen Participation It is expected that proposals for research agreements will be submitted from Member States with operating NPPs, or NPPs under construction, such as Canada, China, Finland, France, Germany, Hungary, Japan, Republic of Korea, Russian Federation, Sweden, Switzerland, Ukraine, United Kingdom, United States of America. Proposals may be received from additional Member States. Potential participating organizations could be NPP I&C vendors, nuclear utilities, regulatory bodies and their TSOs, research laboratories, and international organisations. 12. Links to Technical Cooperation (TC) Projects Outputs of the CRP can be used in related national and regional TC projects, if such projects are initiated for the cybersecurity of digital I&C systems in NPPs. This may include the use of CRP-based reports and working materials as workshop/training materials. Also, results of benchmarking or design comparisons produced under the CRP can serve as teaching tools. CRP participants are also potential lecturers and experts at future TC workshops and expert missions. The successful conclusion of the CRP may also lead to new TC projects on the subject.

7 13. Logical Framework The table below describes the Logical Framework for the CRP. Narrative summary Specific Research Objective: The objective of this CRP is to define and coordinate research to support the assessment and comparison of Existing good practices in designing, implementing, and operating digital I&C systems from the viewpoint of cybersecurity The characteristics of the ideal I&C systems resistant to cyberattacks Consistent terminology used in cybersecurity of IT systems and digital I&C systems in NPPs, in order to accommodate the unique considerations of NPP digital I&C systems. Objective verifiable indicators The R&D areas identified in the CRP workplan are progressing and the CRP draft report is updated periodically. CRP meetings are held and significant contributions are received from the CSIs. Enhancement of a contextspecific glossary of cybersecurity terminology for digital I&C systems in NPPs. Means of verification Progress reports and the CRP draft report are reviewed periodically by NENP, NSNI, and NSNS. Important assumptions Support from the CSIs home organization is provided to CRP participants. Continuous coordination occurs between CSIs and the IAEA. Coordinated work is being done between CRP meetings. Appropriate support is provided to the CRP activities by the IAEA Project Officer. Analysis of Standards, Regulatory Requirements, Guidance and Practices Identification of security goals, threats, and constraints specific to NPP digital I&C systems Expected Research Outputs: The result of this CRP will be a Nuclear Energy Series document or a TECDOC describing the results supporting the above objectives. Progress reports and RCM reports will be prepared according to the action plan. CRP draft report is updated periodically. Progress reports and RCM reports are reviewed. The CRP final report is approved by NE-DCT, NSNI, NSNS and PC. Sufficient technical potential, skills, time, and resources are available from participating organizations to conduct the research. CRP members (especially, vendors and NPP utilities) are willing to share designrelated information CRP s research areas are covered by ongoing R&D projects in participating organizations.

8 Narrative summary Objective verifiable indicators Means of verification Important assumptions Activities Formation of a team of CSIs representing NPP utilities, I&C vendors, nuclear regulators and TSOs to implement the CRP Research agreements are awarded Approval of the research agreements by NACA. NENP, NSNI, and NSNS agree on the CRP s workplan and the composition of the CSI groups. Organizing the 1 st RCM (2011) 1 st RCM held CRP Progress Report is produced and the CRP draft report is updated. Organizing the 2 nd RCM (2012) 2nd RCM held CRP Progress Report is produced Organizing the 3 rd RCM (2013) 3rd RCM held CRP Progress Report is produced Publishing the CRP Final Report as a Nuclear Energy Series Document or a TECDOC in 2013 The CRP Final Report is produced The CRP Final Report is approved and published Enough number of proposals are submitted from qualified organizations. Research areas are assigned to groups of CSIs covering all relevant areas Research is progressing and the results are being integrated into the CRP draft report. Research tasks are near completion and the CRP draft report is updated. All key CSIs contributed to the CRP draft report and the report is approved by NE-DCT, NSNI, NSNS and PC.

MDEP Generic Common Position No DICWG 02

MDEP Generic Common Position No DICWG 02 MDEP Generic Common Position No DICWG 02 Related to: Digital Instrumentation and Controls Working Group activities COMMON POSITION ON SOFTWARE TOOLS FOR THE DEVELOPMENT OF SOFTWARE FOR SAFETY SYSTEMS 1

More information

IAEA 2015 INTERNATIONAL CONFERENCE ON COMPUTER SECURITY IN A NUCLEAR WORLD

IAEA 2015 INTERNATIONAL CONFERENCE ON COMPUTER SECURITY IN A NUCLEAR WORLD IAEA 2015 INTERNATIONAL CONFERENCE ON COMPUTER SECURITY IN A NUCLEAR WORLD A NEW IEC STANDARD FOR CYBERSECURITY FOR NUCLEAR POWER PLANTS: IEC 62645 - REQUIREMENTS FOR SECURITY PROGRAMS FOR COMPUTER-BASED

More information

COMPUTER SECURITY OF INSTRUMENTATION AND CONTROL SYSTEMS AT NUCLEAR FACILITIES

COMPUTER SECURITY OF INSTRUMENTATION AND CONTROL SYSTEMS AT NUCLEAR FACILITIES 1 1 1 1 1 1 1 1 0 1 0 1 0 1 NUCLEAR SECURITY SERIES NO. XX NST0 DRAFT, November 01 STEP : Submission to MS for comment COMPUTER SECURITY OF INSTRUMENTATION AND CONTROL SYSTEMS AT NUCLEAR FACILITIES DRAFT

More information

MDEP VICWG-01 Technical Report

MDEP VICWG-01 Technical Report MDEP VICWG-01 MDEP VICWG-01 Related to: Vendor Inspection Cooperation Working Group activities : 1 MDEP VICWG-01 1. Background Multi-National Design Evaluation Programme Vendor Inspection Cooperation Working

More information

Cyber Security Considerations in the Development of I&C Systems for Nuclear Power Plants

Cyber Security Considerations in the Development of I&C Systems for Nuclear Power Plants Cyber Security Considerations in the Development of I&C Systems for Nuclear Power Plants Jung-Woon Lee, Cheol-Kwon Lee, Jae-Gu Song, and Dong-Young Lee I&C and HF Research Division, Korea Atomic Energy

More information

AN ANALYSIS OF TECHNICAL SECURITY CONTROL REQUIREMENTS FOR DIGITAL I&C SYSTEMS IN NUCLEAR POWER PLANTS

AN ANALYSIS OF TECHNICAL SECURITY CONTROL REQUIREMENTS FOR DIGITAL I&C SYSTEMS IN NUCLEAR POWER PLANTS http://dx.doi.org/10.5516/net.04.2012.091 AN ANALYSIS OF TECHNICAL SECURITY CONTROL REQUIREMENTS FOR DIGITAL I&C SYSTEMS IN NUCLEAR POWER PLANTS JAE-GU SONG *, JUNG-WOON LEE, GEE-YONG PARK, KEE-CHOON KWON,

More information

IAEA-TECDOC-1328 Solutions for cost effective assessment of software based instrumentation and control systems in nuclear power plants

IAEA-TECDOC-1328 Solutions for cost effective assessment of software based instrumentation and control systems in nuclear power plants IAEA-TECDOC-1328 Solutions for cost effective assessment of software based instrumentation and control systems in nuclear power plants Report prepared within the framework of the Technical Working Group

More information

Integrating Cyber Security into Nuclear Power Plant Safety Systems Design

Integrating Cyber Security into Nuclear Power Plant Safety Systems Design Integrating Cyber Security into Nuclear Power Plant Safety Systems Design Deanna Zhang U.S. Nuclear Regulatory Commission Document Date: 05/21/2010 Objectives To provide methods for utilizing safety features,

More information

i-pcgrid Workshop 2015 Cyber Security for Substation Automation The Jagged Line between Utility and Vendors

i-pcgrid Workshop 2015 Cyber Security for Substation Automation The Jagged Line between Utility and Vendors March 25-27, 2014 Steven A. Kunsman i-pcgrid Workshop 2015 Cyber Security for Substation Automation The Jagged Line between Utility and Vendors ABB Inc. March 26, 2015 Slide 1 Cyber Security for Substation

More information

SAFETY LIFE-CYCLE HOW TO IMPLEMENT A

SAFETY LIFE-CYCLE HOW TO IMPLEMENT A AS SEEN IN THE SUMMER 2007 ISSUE OF... HOW TO IMPLEMENT A SAFETY LIFE-CYCLE A SAFER PLANT, DECREASED ENGINEERING, OPERATION AND MAINTENANCE COSTS, AND INCREASED PROCESS UP-TIME ARE ALL ACHIEVABLE WITH

More information

OECD SERIES ON PRINCIPLES OF GOOD LABORATORY PRACTICE AND COMPLIANCE MONITORING NUMBER 10 GLP CONSENSUS DOCUMENT

OECD SERIES ON PRINCIPLES OF GOOD LABORATORY PRACTICE AND COMPLIANCE MONITORING NUMBER 10 GLP CONSENSUS DOCUMENT GENERAL DISTRIBUTION OCDE/GD(95)115 OECD SERIES ON PRINCIPLES OF GOOD LABORATORY PRACTICE AND COMPLIANCE MONITORING NUMBER 10 GLP CONSENSUS DOCUMENT THE APPLICATION OF THE PRINCIPLES OF GLP TO COMPUTERISED

More information

The Role of Nuclear Knowledge Management

The Role of Nuclear Knowledge Management The Role of Nuclear Knowledge Management A. Introduction The Agency has been a focal point for nuclear knowledge and information since its establishment in 1957. Nuclear knowledge management (NKM) came

More information

Cyber Security Design Methodology for Nuclear Power Control & Protection Systems. By Majed Al Breiki Senior Instrumentation & Control Manager (ENEC)

Cyber Security Design Methodology for Nuclear Power Control & Protection Systems. By Majed Al Breiki Senior Instrumentation & Control Manager (ENEC) Cyber Security Design Methodology for Nuclear Power Control & Protection Systems By Majed Al Breiki Senior Instrumentation & Control Manager (ENEC) 1. INTRODUCTION In today s world, cyber security is one

More information

8 Emergency Operating Procedures (EOPs) and Severe Accident Management Guidelines (SAMGs) - Issue 06

8 Emergency Operating Procedures (EOPs) and Severe Accident Management Guidelines (SAMGs) - Issue 06 8-1 8 Emergency Operating Procedures (EOPs) and Severe Accident Management Guidelines (SAMGs) - Issue 06 Table of contents 8 Emergency Operating Procedures (EOPs) and Severe Accident Management Guidelines

More information

Steven A. Arndt Division of Engineering Office of Nuclear Reactor Regulation

Steven A. Arndt Division of Engineering Office of Nuclear Reactor Regulation Current and Future Use of IEEE and IEC Consensus Standards in the Regulation of Digital Instrumentation and Control Systems in the Nuclear Power Industry Steven A. Arndt Division of Engineering Office

More information

FPGA- based technology and systems for I&C of existing and advanced reactors

FPGA- based technology and systems for I&C of existing and advanced reactors International Conference on Opportunities and Challenges for Water Cooled Reactors in the 21st Century Vienna, Austria, 27 30 October 2009 FPGA- based technology and systems for I&C of existing and advanced

More information

This is a preview - click here to buy the full publication

This is a preview - click here to buy the full publication TECHNICAL REPORT IEC/TR 62443-3-1 Edition 1.0 2009-07 colour inside Industrial communication networks Network and system security Part 3 1: Security technologies for industrial automation and control systems

More information

FREQUENTLY ASKED QUESTIONS

FREQUENTLY ASKED QUESTIONS FREQUENTLY ASKED QUESTIONS Continuous Monitoring 1. What is continuous monitoring? Continuous monitoring is one of six steps in the Risk Management Framework (RMF) described in NIST Special Publication

More information

Cyber Security and the Canadian Nuclear Industry a Canadian Regulatory Perspective

Cyber Security and the Canadian Nuclear Industry a Canadian Regulatory Perspective Cyber Security and the Canadian Nuclear Industry a Canadian Regulatory Perspective Terry Jamieson Vice-President Technical Support Branch Canadian Nuclear Safety Commission August 11, 2015 www.nuclearsafety.gc.ca

More information

A Methodology for Safety Case Development

A Methodology for Safety Case Development A Methodology for Safety Case Development Peter Bishop Adelard, London, UK Robin Bloomfield Adelard, London, UK 1 Introduction A safety case is a requirement in many safety standards. Explicit safety cases

More information

Cyber Security Evaluation of the Wireless Communication for the Mobile Safeguard Systems in uclear Power Plants

Cyber Security Evaluation of the Wireless Communication for the Mobile Safeguard Systems in uclear Power Plants Cyber Security Evaluation of the Wireless Communication for the Mobile Safeguard Systems in uclear Power Plants Sooill Lee a*, Yong Sik Kim a, Song Hae Ye a a Central Research Institute, Korea Hydro and

More information

ESRS guidelines for software safety reviews

ESRS guidelines for software safety reviews IAEA Services Series No. 6 ESRS guidelines for software safety reviews Reference document for the organization and conduct of Engineering Safety Review Services (ESRS) on software important to safety in

More information

Spreading the Word on Nuclear Cyber Security

Spreading the Word on Nuclear Cyber Security Spreading the Word on Nuclear Cyber Security Clifford Glantz, Guy Landine, Philip Craig, and Robert Bass Pacific Northwest National Laboratory (PNNL) PO Box 999; 902 Battelle Blvd Richland, WA 99352 USA

More information

Future cybersecurity threats and research needs.

Future cybersecurity threats and research needs. www.thalesgroup.com Future cybersecurity threats and research needs. 3 rd Franco-American Workshop on Cybersecurity Lyon Kreshnik Musaraj kreshnik.musaraj@thalesgroup.com December 9. 2014 2 / Challenges

More information

Feature. SCADA Cybersecurity Framework

Feature. SCADA Cybersecurity Framework Feature Samir Malaviya, CISA, CGEIT, CSSA, works with the Global Consulting Practice-GRC practice of Tata Consultancy Services and has more than 17 years of experience in telecommunications, IT, and operation

More information

Achieving Functional Safety with Global Resources and Market Reach

Achieving Functional Safety with Global Resources and Market Reach Achieving Functional Safety with Global Resources and Market Reach 0A 0B Burner management systems Combustion controls Electric vehicle components (on-board, off board) Electrosensitive equipment Elevator

More information

Application of FPGA-based Safety Controller for Implementation of NPPs I&C Systems Vladimir Sklyar, Technical Director

Application of FPGA-based Safety Controller for Implementation of NPPs I&C Systems Vladimir Sklyar, Technical Director Application of FPGA-based Safety Controller for Implementation of NPPs I&C Systems Vladimir Sklyar, Technical Director Seminar FPGA-based I&C Systems in Nuclear Applications February 4, 2015, Energiforsk,

More information

CYBER SECURITY INDUSTRY GUIDELINES

CYBER SECURITY INDUSTRY GUIDELINES CYBER SECURITY INDUSTRY GUIDELINES Aron Sorensen, Chief Marine Technical Officer, BIMCO 1 BIMCO Founded in 1905-2,300 members in around 130 countries Membership includes shipowners, operators, managers,

More information

8/27/2015. Brad Schuette IT Manager City of Punta Gorda bschuette@pgorda.us (941) 575-3354. Don t Wait Another Day

8/27/2015. Brad Schuette IT Manager City of Punta Gorda bschuette@pgorda.us (941) 575-3354. Don t Wait Another Day Brad Schuette IT Manager City of Punta Gorda bschuette@pgorda.us (941) 575-3354 2015 FRWA Annual Conference Don t Wait Another Day 1 SCADA Subsystems Management Physical Connectivity Configuration Mgmt.

More information

A CYBER SECURITY RISK ASSESSMENT FOR THE DESIGN OF I&C SYSTEMS IN NUCLEAR POWER PLANTS

A CYBER SECURITY RISK ASSESSMENT FOR THE DESIGN OF I&C SYSTEMS IN NUCLEAR POWER PLANTS http://dx.doi.org/10.5516/net.04.2011.065 A CYBER SECURITY RISK ASSESSMENT FOR THE DESIGN OF I&C SYSTEMS IN NUCLEAR POWER PLANTS JAE-GU SONG, JUNG-WOON LEE *, CHEOL-KWON LEE, KEE-CHOON KWON, and DONG-YOUNG

More information

Selecting Sensors for Safety Instrumented Systems per IEC 61511 (ISA 84.00.01 2004)

Selecting Sensors for Safety Instrumented Systems per IEC 61511 (ISA 84.00.01 2004) Selecting Sensors for Safety Instrumented Systems per IEC 61511 (ISA 84.00.01 2004) Dale Perry Worldwide Pressure Marketing Manager Emerson Process Management Rosemount Division Chanhassen, MN 55317 USA

More information

Who s next after TalkTalk?

Who s next after TalkTalk? Who s next after TalkTalk? Frequently Asked Questions on Cyber Risk Fraud threat to millions of TalkTalk customers TalkTalk cyber-attack: website hit by significant breach These are just two of the many

More information

Cloud security architecture

Cloud security architecture ericsson White paper Uen 284 23-3244 January 2015 Cloud security architecture from process to deployment The Trust Engine concept and logical cloud security architecture presented in this paper provide

More information

WHITE PAPER ON SECURITY TESTING IN TELECOM NETWORK

WHITE PAPER ON SECURITY TESTING IN TELECOM NETWORK WHITE PAPER ON SECURITY TESTING IN TELECOM NETWORK DATE OF RELEASE: 27 th July 2012 Table of Contents 1. Introduction... 2 2. Need for securing Telecom Networks... 3 3. Security Assessment Techniques...

More information

Nuclear Power Plant Electrical Power Supply System Requirements

Nuclear Power Plant Electrical Power Supply System Requirements 1 Nuclear Power Plant Electrical Power Supply System Requirements Željko Jurković, Krško NPP, zeljko.jurkovic@nek.si Abstract Various regulations and standards require from electrical power system of the

More information

Options for Cyber Security. Reactors. April 9, 2015

Options for Cyber Security. Reactors. April 9, 2015 Options for Cyber Security Design Requirements for Power Reactors April 9, 2015 Scope Discuss options for including cyber security design requirements for power reactors into NRC regulations Scope does

More information

Safety and security interdependencies in complex systems and SoS: Challenges and perspectives

Safety and security interdependencies in complex systems and SoS: Challenges and perspectives Complex Systems Design & Management 2011 Safety and security interdependencies in complex systems and SoS: Challenges and perspectives Sara Sadvandi (Sodius) ssadvandi@sodius.com Nicolas Chapon (C-S) nicolas.chapon@c-s.fr

More information

Training in Emergency Preparedness and Response

Training in Emergency Preparedness and Response Working to Protect People, Society and the Environment Training in Emergency Preparedness and Response Nuclear Safety and Security Programme Nuclear Safety and Security Programme Training in Emergency

More information

U.S. NUCLEAR REGULATORY COMMISSION January 2010 REGULATORY GUIDE OFFICE OF NUCLEAR REGULATORY RESEARCH. REGULATORY GUIDE 5.71 (New Regulatory Guide)

U.S. NUCLEAR REGULATORY COMMISSION January 2010 REGULATORY GUIDE OFFICE OF NUCLEAR REGULATORY RESEARCH. REGULATORY GUIDE 5.71 (New Regulatory Guide) U.S. NUCLEAR REGULATORY COMMISSION January 2010 REGULATORY GUIDE OFFICE OF NUCLEAR REGULATORY RESEARCH REGULATORY GUIDE 5.71 (New Regulatory Guide) CYBER SECURITY PROGRAMS FOR NUCLEAR FACILITIES A INTRODUCTION

More information

Document ID. Cyber security for substation automation products and systems

Document ID. Cyber security for substation automation products and systems Document ID Cyber security for substation automation products and systems 2 Cyber security for substation automation systems by ABB ABB addresses all aspects of cyber security The electric power grid has

More information

System Aware Cyber Security

System Aware Cyber Security System Aware Cyber Security Application of Dynamic System Models and State Estimation Technology to the Cyber Security of Physical Systems Barry M. Horowitz, Kate Pierce University of Virginia April, 2012

More information

ELECTROTECHNIQUE IEC INTERNATIONALE 61508-3 INTERNATIONAL ELECTROTECHNICAL

ELECTROTECHNIQUE IEC INTERNATIONALE 61508-3 INTERNATIONAL ELECTROTECHNICAL 61508-3 ª IEC: 1997 1 Version 12.0 05/12/97 COMMISSION CEI ELECTROTECHNIQUE IEC INTERNATIONALE 61508-3 INTERNATIONAL ELECTROTECHNICAL COMMISSION Functional safety of electrical/electronic/ programmable

More information

Cyber Security. perspective of an operator of a critical infrastructure. 1st CAMINO Workshop. Rolf Brunner Fachstelle IT-Sicherheit

Cyber Security. perspective of an operator of a critical infrastructure. 1st CAMINO Workshop. Rolf Brunner Fachstelle IT-Sicherheit Cyber Security perspective of an operator of a critical infrastructure 1st CAMINO Workshop Rolf Brunner Fachstelle IT-Sicherheit CH-5325 Leibstadt Telefon +41(0)56 267 71 11 www.kkl.ch Agenda Leibstadt

More information

Cyber Security in a Nuclear Context

Cyber Security in a Nuclear Context Cyber Security in a Nuclear Context Mitchell Hewes & Nick Howarth UNCLASSIFIED Who are we? Our Facilities Synchrotron Accelerators Cyclotron OPAL Lucas Heights Campus Some Considerations We have an interesting

More information

Session 14: Functional Security in a Process Environment

Session 14: Functional Security in a Process Environment Abstract Session 14: Functional Security in a Process Environment Kurt Forster Industrial IT Solutions Specialist, Autopro Automation Consultants In an ideal industrial production security scenario, the

More information

IAEA Research Reactor Operations & Maintenance Support 2014 TRTR Meeting August 3rd-7th, 2014 Benson Hotel Portland Oregon

IAEA Research Reactor Operations & Maintenance Support 2014 TRTR Meeting August 3rd-7th, 2014 Benson Hotel Portland Oregon IAEA Research Reactor Operations & Maintenance Support 2014 TRTR Meeting August 3rd-7th, 2014 Benson Hotel Portland Oregon By Charles R Morris Personal Nuclear History Contents 1. Introduction 2. Digital

More information

The rocky relationship between safety and security

The rocky relationship between safety and security The rocky relationship between safety and security Best practices for avoiding common cause failure and preventing cyber security attacks in Safety Systems Abstract: An industry practice reflected in the

More information

U.S. Department of Energy

U.S. Department of Energy U.S. Department of Energy Washington, D.C. NOTICE DOE N 203.1 Approved: Expires: 06-02-01 SUBJECT: SOFTWARE QUALITY ASSURANCE 1. OBJECTIVES. To define requirements and responsibilities for software quality

More information

ORGANISATION FOR ECONOMIC CO-OPERATION AND DEVELOPMENT

ORGANISATION FOR ECONOMIC CO-OPERATION AND DEVELOPMENT 2 OECD RECOMMENDATION OF THE COUNCIL ON THE PROTECTION OF CRITICAL INFORMATION INFRASTRUCTURES ORGANISATION FOR ECONOMIC CO-OPERATION AND DEVELOPMENT The OECD is a unique forum where the governments of

More information

Technical Meeting on Evaluation and Dependability Assessment of Software for Safety Instrumentation and Control Systems at Nuclear Power Plants

Technical Meeting on Evaluation and Dependability Assessment of Software for Safety Instrumentation and Control Systems at Nuclear Power Plants Technical Meeting on Evaluation and Dependability Assessment of Software for Safety Instrumentation and Control Systems at Nuclear Power Plants Hosted by the Government of the Republic of Korea through

More information

Cyber Security and Privacy - Program 183

Cyber Security and Privacy - Program 183 Program Program Overview Cyber/physical security and data privacy have become critical priorities for electric utilities. The evolving electric sector is increasingly dependent on information technology

More information

Human Factors in Design and Construction Regulatory Perspective

Human Factors in Design and Construction Regulatory Perspective Further needs in the Area of management systems Safety culture, leadership and preoperational stages of nuclear projects Human Factors in Design and Construction Regulatory Perspective Technical Meeting,

More information

CONTINUOUS DIAGNOSTICS BEGINS WITH REDSEAL

CONTINUOUS DIAGNOSTICS BEGINS WITH REDSEAL CONTINUOUS DIAGNOSTICS BEGINS WITH REDSEAL WHAT IS CDM? The continuous stream of high profile cybersecurity breaches demonstrates the need to move beyond purely periodic, compliance-based approaches to

More information

Protect Your Assets. Cyber Security Engineering. Control Systems. Power Plants. Hurst Technologies

Protect Your Assets. Cyber Security Engineering. Control Systems. Power Plants. Hurst Technologies Protect Your Assets Cyber Security Engineering Control Systems. Power Plants. Hurst Technologies Cyber Security The hackers are out there and the cyber security threats to your power plant are real. That

More information

Development and Application of POSAFE-Q PLC Platform

Development and Application of POSAFE-Q PLC Platform Development and Application of POSAFE-Q PLC Platform MyeongKyun Lee a, SeungWhan Song a, DongHwa Yun a a POSCO ICT Co. R&D center, Korea Techno-complex 126-16, 5-ka, Anam-dong, Sungbuk, Seoul, Republic

More information

Cyber Security Implications of SIS Integration with Control Networks

Cyber Security Implications of SIS Integration with Control Networks Cyber Security Implications of SIS Integration with Control Networks The LOGIIC SIS Project Standards Certification Education & Training Publishing Conferences & Exhibits Presenter Zach Tudor is a Program

More information

AUDIT REPORT. Cybersecurity Controls Over a Major National Nuclear Security Administration Information System

AUDIT REPORT. Cybersecurity Controls Over a Major National Nuclear Security Administration Information System U.S. Department of Energy Office of Inspector General Office of Audits and Inspections AUDIT REPORT Cybersecurity Controls Over a Major National Nuclear Security Administration Information System DOE/IG-0938

More information

A DEVELOPMENT FRAMEWORK FOR SOFTWARE SECURITY IN NUCLEAR SAFETY SYSTEMS: INTEGRATING SECURE DEVELOPMENT AND SYSTEM SECURITY ACTIVITIES

A DEVELOPMENT FRAMEWORK FOR SOFTWARE SECURITY IN NUCLEAR SAFETY SYSTEMS: INTEGRATING SECURE DEVELOPMENT AND SYSTEM SECURITY ACTIVITIES A DEVELOPMENT FRAMEWORK FOR SOFTWARE SECURITY IN NUCLEAR SAFETY SYSTEMS: INTEGRATING SECURE DEVELOPMENT AND SYSTEM SECURITY ACTIVITIES JAEKWAN PARK * and YONGSUK SUH Korea Atomic Energy Research Institute

More information

Cyber Security nei prodotti di automazione

Cyber Security nei prodotti di automazione Cyber Security nei prodotti di automazione Marco Biancardi, ABB SpA, Power System Division 11 dicembre 2013, Roma Why is it an issue? Isolated devices Point to point interfaces Proprietary networks Standard

More information

OCIE CYBERSECURITY INITIATIVE

OCIE CYBERSECURITY INITIATIVE Topic: Cybersecurity Examinations Key Takeaways: OCIE will be conducting examinations of more than 50 registered brokerdealers and registered investment advisers, focusing on areas related to cybersecurity.

More information

The President s Critical Infrastructure Protection Board. Office of Energy Assurance U.S. Department of Energy 202/ 287-1808

The President s Critical Infrastructure Protection Board. Office of Energy Assurance U.S. Department of Energy 202/ 287-1808 cover_comp_01 9/9/02 5:01 PM Page 1 For further information, please contact: The President s Critical Infrastructure Protection Board Office of Energy Assurance U.S. Department of Energy 202/ 287-1808

More information

Enterprise Cybersecurity Best Practices Part Number MAN-00363 Revision 006

Enterprise Cybersecurity Best Practices Part Number MAN-00363 Revision 006 Enterprise Cybersecurity Best Practices Part Number MAN-00363 Revision 006 April 2013 Hologic and the Hologic Logo are trademarks or registered trademarks of Hologic, Inc. Microsoft, Active Directory,

More information

Guideline. Installation and commissioning Validation Operation and maintenance Modification Decommissioning

Guideline. Installation and commissioning Validation Operation and maintenance Modification Decommissioning Guideline Installation and commissioning Validation Operation and maintenance Modification Decommissioning Comments on this report are gratefully received by Johan Hedberg at SP Swedish National Testing

More information

Patching Off-the-Shelf Software Used in Medical Information Systems

Patching Off-the-Shelf Software Used in Medical Information Systems Patching Off-the-Shelf Software Used in Medical Information Systems This Paper was developed by the Joint NEMA/COCIR/JIRA Security and Privacy Committee (SPC) This Paper has been approved by: NEMA (National

More information

Help for the Developers of Control System Cyber Security Standards

Help for the Developers of Control System Cyber Security Standards INL/CON-07-13483 PREPRINT Help for the Developers of Control System Cyber Security Standards 54 th International Instrumentation Symposium Robert P. Evans May 2008 This is a preprint of a paper intended

More information

The Next Generation of Security Leaders

The Next Generation of Security Leaders The Next Generation of Security Leaders In an increasingly complex cyber world, there is a growing need for information security leaders who possess the breadth and depth of expertise necessary to establish

More information

1 ISA Security Compliance Institute

1 ISA Security Compliance Institute 1 ISA Security Compliance Institute Internationally Accredited Conformance Scheme ISASecure certification programs are accredited as an ISO/ IEC Guide 65 conformance scheme and ISO/IEC 17025 lab operations

More information

Office of Inspector General

Office of Inspector General DEPARTMENT OF HOMELAND SECURITY Office of Inspector General Security Weaknesses Increase Risks to Critical United States Secret Service Database (Redacted) Notice: The Department of Homeland Security,

More information

Office of the Auditor General Performance Audit Report. Statewide Oracle Database Controls Department of Technology, Management, and Budget

Office of the Auditor General Performance Audit Report. Statewide Oracle Database Controls Department of Technology, Management, and Budget Office of the Auditor General Performance Audit Report Statewide Oracle Database Controls Department of Technology, Management, and Budget March 2015 071-0565-14 State of Michigan Auditor General Doug

More information

Defending the Internet of Things

Defending the Internet of Things Defending the Internet of Things Identity at the Core of Security +1-888-690-2424 entrust.com Table of contents Introduction Page 3 Challenge: protecting & managing identity Page 4 Founders of identity

More information

Cybersecurity & the Water Sector

Cybersecurity & the Water Sector Cybersecurity & the Water Sector NAWC Water Summit October 6, 2013 San Diego, CA Kevin Morley, AWWA How to deal with Cyber Threat? How would our operations change if we did not have SCADA working? How

More information

The Advantages of an Integrated Factory Acceptance Test in an ICS Environment

The Advantages of an Integrated Factory Acceptance Test in an ICS Environment The Advantages of an Integrated Factory Acceptance Test in an ICS Environment By Jerome Farquharson, Critical Infrastructure and Compliance Practice Manager, and Alexandra Wiesehan, Cyber Security Analyst,

More information

NIST Industrial Control System Security Activities

NIST Industrial Control System Security Activities NIST Industrial Control System Security Activities Keith Stouffer National Institute of Standards and Technology Collaborating to Advance Control System Security NIST ICS Security Activities NIST s role

More information

AP1000 European 18. Human Factors Engineering Design Control Document

AP1000 European 18. Human Factors Engineering Design Control Document 18.2 Human Factors Engineering Program Management The purpose of this section is to describe the goals of the AP1000 human factors engineering program, the technical program to accomplish these goals,

More information

Improving regulatory practices through the OECD-NEA Stress Corrosion Cracking and Cable Ageing Project (SCAP)

Improving regulatory practices through the OECD-NEA Stress Corrosion Cracking and Cable Ageing Project (SCAP) Improving regulatory practices through the OECD-NEA Stress Corrosion Cracking and Cable Ageing Project (SCAP) A. Yamamoto a, A. Huerta a, K. Gott b, T. Koshy c a Nuclear Safety Division, OECD Nuclear Energy

More information

INFORMATION SECURITY POLICY DOCUMENT. The contents of this document are classified as DC 1 Private information

INFORMATION SECURITY POLICY DOCUMENT. The contents of this document are classified as DC 1 Private information 6 th Floor, Tower A, 1 CyberCity, Ebene, Mauritius T + 230 403 6000 F + 230 403 6060 E ReachUs@abaxservices.com INFORMATION SECURITY POLICY DOCUMENT Information Security Policy Document Page 2 of 15 Introduction

More information

Effective Nuclear Security Regulation: The Importance of Trust. Dr. Roger Howsley Executive Director

Effective Nuclear Security Regulation: The Importance of Trust. Dr. Roger Howsley Executive Director Effective Nuclear Security Regulation: The Importance of Trust Dr. Roger Howsley Executive Director Second International Regulators Conference on Nuclear Security, Madrid, Spain, May 11-13, 2016 Outline

More information

Roadmaps to Securing Industrial Control Systems

Roadmaps to Securing Industrial Control Systems Roadmaps to Securing Industrial Control Systems Insert Photo Here Mark Heard Eastman Chemical Company Rockwell Automation Process Solutions User Group (PSUG) November 14-15, 2011 Chicago, IL McCormick

More information

Attachment A. Identification of Risks/Cybersecurity Governance

Attachment A. Identification of Risks/Cybersecurity Governance Attachment A Identification of Risks/Cybersecurity Governance 1. For each of the following practices employed by the Firm for management of information security assets, please provide the month and year

More information

Nuclear Security and Incident Response

Nuclear Security and Incident Response Hitachi Review Vol. 62 (2013), No. 3 168 Nuclear Security and Incident Response Kazuhiko Tanimura Hisayuki Ito Hiroyuki Kimura OVERVIEW: Since the Great East Japan Earthquake, there has been a requirement

More information

Code of Conduct on the Safety and Security of Radioactive Sources

Code of Conduct on the Safety and Security of Radioactive Sources FOREWORD In recent years there has been a growing awareness of the potential for accidents involving radiation sources, some such accidents having had serious, even fatal, consequences. More recently still,

More information

PROJECT BOEING SGS. Interim Technology Performance Report 1. Company Name: The Boeing Company. Contract ID: DE-OE0000191

PROJECT BOEING SGS. Interim Technology Performance Report 1. Company Name: The Boeing Company. Contract ID: DE-OE0000191 Interim Techlogy Performance Report 1 PROJECT BOEING SGS Contract ID: DE-OE0000191 Project Type: Revision: V2 Company Name: The Boeing Company December 10, 2012 1 Interim Techlogy Performance Report 1

More information

Committees Date: Subject: Public Report of: For Information Summary

Committees Date: Subject: Public Report of: For Information Summary Committees Audit & Risk Management Committee Finance Committee Subject: Cyber Security Risks Report of: Chamberlain Date: 17 September 2015 22 September 2015 Public For Information Summary Cyber security

More information

A New Standards Project on Avoiding Programming Language Vulnerabilities

A New Standards Project on Avoiding Programming Language Vulnerabilities A New Standards Project on Avoiding Programming Language Vulnerabilities Jim Moore Liaison Representative from IEEE Computer Society to ISO/IEC JTC 1/SC 7 Liaison Representative between ISO/IEC JTC 1/SC

More information

EA-ISP-012-Network Management Policy

EA-ISP-012-Network Management Policy Technology & Information Services EA-ISP-012-Network Management Policy Owner: Adrian Hollister Author: Paul Ferrier Date: 01/04/2015 Document Security Level: PUBLIC Document Version: 1.00 Document Ref:

More information

Factory Acceptance Testing Guideline

Factory Acceptance Testing Guideline Factory Acceptance Testing Comments on this report are gratefully received by Johan Hedberg at SP Swedish National Testing and Research Institute mailto:johan.hedberg@sp.se -1- Summary According to the

More information

Safety Requirements Specification Guideline

Safety Requirements Specification Guideline Safety Requirements Specification Comments on this report are gratefully received by Johan Hedberg at SP Swedish National Testing and Research Institute mailto:johan.hedberg@sp.se -1- Summary Safety Requirement

More information

Information Security in Business: Issues and Solutions

Information Security in Business: Issues and Solutions Covenant University Town & Gown Seminar 2015 Information Security in Business: Issues and Solutions A Covenant University Presentation By Favour Femi-Oyewole, BSc, MSc (Computer Science), MSc (Information

More information

Changing data needs from a life cycle perspective in the context of ISO 55000

Changing data needs from a life cycle perspective in the context of ISO 55000 Changing data needs from a life cycle perspective in the context of ISO 55000 Mr. Ed de Vroedt and Mr. Peter Hoving Affiliation: UMS Group Europe; edevroedt@umsgroup.com, +316 1026 6162 ABSTRACT This paper

More information

Guidance for the Quality Assurance of Fire Protection Systems

Guidance for the Quality Assurance of Fire Protection Systems Guidance for the Quality Assurance of Fire Protection Systems Prepared for: Office of Energy Research Office of Environment, Safety and Health Technical Support Prepared by: Roy F. Weston, Inc. October

More information

05.0 Application Development

05.0 Application Development Number 5.0 Policy Owner Information Security and Technology Policy Application Development Effective 01/01/2014 Last Revision 12/30/2013 Department of Innovation and Technology 5. Application Development

More information

MODEL BASED CYBER SECURITY ANALYSIS FOR RESEARCH REACTOR PROTECTION SYSTEM ABSTRACT

MODEL BASED CYBER SECURITY ANALYSIS FOR RESEARCH REACTOR PROTECTION SYSTEM ABSTRACT MODEL BASED CYBER SECURITY ANALYSIS FOR RESEARCH REACTOR PROTECTION SYSTEM JINSOO SHIN, RAHMAN KHALIL UR, GYUNYOUNG HEO Kyung Hee University, Seogyeong-daero, Giheung-gu, Gyeonggi-do, 446-701, Republic

More information

Why SIL3? Josse Brys TUV Engineer j.brys@hima.com

Why SIL3? Josse Brys TUV Engineer j.brys@hima.com Why SIL3? Josse Brys TUV Engineer j.brys@hima.com Agenda Functional Safety Good planning if specifications are not right? What is the difference between a normal safety and SIL3 loop? How do systems achieve

More information

Solutions and IT services for Oil-Gas & Energy markets

Solutions and IT services for Oil-Gas & Energy markets Solutions and IT services for The context Companies operating in the Oil-Gas & Energy sectors are facing radical changes that have a significant impact on their business processes. In this context, compliance

More information

A Security Approach in System Development Life Cycle

A Security Approach in System Development Life Cycle A Security Approach in System Development Life Cycle (1) P.Mahizharuvi, Research Scholar, Dept of MCA, Computer Center, Madurai Kamaraj University, Madurai. mahiconference@gmail.com (2) Dr.K.Alagarsamy,

More information

Nuclear Safety Council Instruction number IS- 23 on in-service inspection at nuclear power plants

Nuclear Safety Council Instruction number IS- 23 on in-service inspection at nuclear power plants Nuclear Safety Council Instruction number IS- 23 on in-service inspection at nuclear power plants Published in the Official State Gazette (BOE) No 283 of November 24 th 2009 Nuclear Safety Council Instruction

More information

The Cyber Threat Profiler

The Cyber Threat Profiler Whitepaper The Cyber Threat Profiler Good Intelligence is essential to efficient system protection INTRODUCTION As the world becomes more dependent on cyber connectivity, the volume of cyber attacks are

More information

Which cybersecurity standard is most relevant for a water utility?

Which cybersecurity standard is most relevant for a water utility? Which cybersecurity standard is most relevant for a water utility? Don Dickinson 1 * 1 Don Dickinson, Phoenix Contact USA, 586 Fulling Mill Road, Middletown, Pennsylvania, USA, 17057 (*correspondence:

More information

DRAFT REGULATORY GUIDE

DRAFT REGULATORY GUIDE DRAFT REGULATORY GUIDE SOFTWARE IN PROTECTION AND CONTROL SYSTEMS Issued for public comments by the Atomic Energy Control Board October 1999 Atomic Energy Control Board Commission de contrôle de l énergie

More information

Impact of Cybersecurity Innovations in Key Sectors (Technical Insights)

Impact of Cybersecurity Innovations in Key Sectors (Technical Insights) Impact of Cybersecurity Innovations in Key Sectors (Technical Insights) Customized cybersecurity measures help overcome Industry specific challenges September 2014 Table of Contents Section Slide Number

More information