THE STATUS OF CYBER SECURITY IN NUCLEAR ENERGY


ANS Connecticut Local Section
Home of Nautilus, Millstone, EB, Westinghouse (CE), Zachry
Ted Quinn, ANS Past President
President, Technology Resources, tedquinn@cox.net
MAY, 2013

OUTLINE
- INTERNATIONAL GROWTH
- CYBER SECURITY (CS)
- HISTORY OF CS IN NUCLEAR PLANTS
- POTENTIAL TARGETS OF CS
- CODES AND REGULATORY GUIDES
- CONCLUSIONS

Pandora's Promise - Academy Award nominated director Robert Stone
www.pandoraspromise.com

FORBES, June 10, 2012, James Conca, Contributor
How Deadly Is Your Kilowatt? We Rank The Killer Energy Sources
http://www.forbes.com/sites/jamesconca/2012/06/10/energys-deathprint-aprice-always-paid/

Energy Source Mortality Rate
Mortality Rate = deaths/trillion kWhr
- Coal, global average: 170,000 (50% global electricity)
- Coal, China: 280,000 (75% China's electricity)
- Coal, U.S.: 15,000 (44% U.S. electricity)
- Oil: 36,000 (8% of electricity)
- Natural Gas: 4,000 (20% global electricity)
- Biofuel/Biomass: 24,000 (21% global energy)
- Solar (rooftop): 440 (< 1% global electricity)
- Wind: 150 (~ 1% global electricity)
- Hydro, global average: 1,400 (15% global electricity)
- Nuclear, global average: 90 (17% global electricity w/chern&fukush)

Carbon Footprint!
Proposed carbon footprint taxes are in the range of $15 to $40/ton of CO2 emitted, but assigning a physical footprint cost depends on the region, ecosystem sensitivities and importance. A hundred-acre wetlands to be flooded by a new dam is worth more to the planet than a barren hundred-acre strip under a solar array in the Mojave (P. Bickel and R. Friedrich, 2005).

Nuclear Units Under Construction and Planned Worldwide
[Chart: units under construction and planned, by country: China, Russia, India, USA, Japan, S. Korea, UAE, Ukraine, Argentina, Iran, Pakistan, France, China, Taiwan, Slovakia, Brazil, Finland; inset: Proposed New Reactors]
Totals: 68 units under construction*; 160 units on order or planned**
Sources: International Atomic Energy Agency and project sponsors for units under construction and World Nuclear Association for units on order or planned.
*Chart includes only countries with units under construction.
**Countries planning new units are not all included in the chart. Planned units = Approvals, funding or major commitment in place, mostly expected in operation within 8-10 years.
Updated: 10/12

China Nuclear Program

China Nuclear Power Plant Progress
- Fuqing Units 1 & 2 - 3 months ahead of schedule
- 20+ nuclear power units under construction
 - Areva - EPR
 - Westinghouse AP1000
 - China M310 (CNNC)
 - China CNP1000 (CNNC)
 - China CPR1000 (CGNPC)
 - Atomstroyexport VVER-1000
- AT THE SAME TIME, 350 COAL PLANTS HAVE BEEN COMPLETED IN THE LAST 7 YEARS (ONE PER WEEK)
[Photo: Fuqing Nuclear Plant]

Fuqing Plant Site in China (six units)

AP1000 Progress at Sanmen 1 & 2

Digital Controls for New Nuclear Plants
- Digital I&C has proven to improve operability and efficiencies of the plant
- Unlike analog plants, digital plants are more complex, requiring in-depth review earlier in the design
- Modern technologies need to be applied to allow for:
 - reduction in operational interruptions
 - reduced surveillances
 - reduced calibrations
 - high-level diagnostics
 - advanced testing
[Photo: Lungmen Control Room]

Fort St. Vrain Point-to-Point Control Room

ESBWR Control Room Layout

Korean Operator Interface

Plant Design
How a Nuclear Plant Works and ties to the grid
Pressurized Water Reactor

Cyber Security (CS)
Definition of CS
- Activities for prevention, protection and restoration of computers, electronic communication systems and services, wire communications, and their contents, from cyber attacks, to ensure confidentiality, integrity, availability, authentication and access control
Types of CS
- Information or Computer Security, Communication Security
- Personnel Security
- Physical Security
Cyber Attack
- Adversely impact the integrity or confidentiality of data and/or software
- Deny access to systems, services, and/or data
- Adversely impact the operation of systems, networks and associated equipment

Recent Cyber Security Problems
- 2004: Greek phones tapped by outsiders for months
- 2006: Italian phones tapped by insiders
- Feb 2008: Pakistan killed YouTube for hours
- Feb 2008: Florida widespread electric power outage
- Aug 2008: DefCon 16, "Stealing the Internet"
- Jun 2010: Stuxnet emerges
- Oct 2010: San Bruno, CA gas line failure kills 8
- Oct 2010: 12-yr-old finds Firefox flaw - $3,000
- Jan 2011: Keyless systems on cars easily hacked
- Apr 2011: U.S. ORNL offline for weeks due to cyber attack
- Reported: a non-U.S. commercial nuclear reactor was maliciously scrammed

History of CS in NPP
Hacking damages around us
- Banking
- Personal information
After 9/11 (2001) in U.S.A.
- Started to study cyber security for NPPs.
- Published new R.G. 1.152, Rev. 02 in 2006.
Use of Digital Devices in Nuclear Facilities
- Digital Computer, Digital Controller
- Data Communication, Wireless Communication
Rx Trips caused by CS Problems in U.S.A.
- 2006, Browns Ferry NPP: Recirculation pump stopped due to excessive traffic on the plant I&C network.
- 2008, Hatch NPP: After a S/W update in a primary control system, the system generated an Rx trip signal.

History of CS in NPP
Cyber Attack Demonstration
- Tested at the Cyber Security Test Facility in INL, 2008
- Test was funded by DHS of U.S.A.
- Test result: An electric generator controlled by computer was attacked by an intruder and destroyed in a few minutes.

Potential Targets of Cyber Security (Surveyed by IAEA)
- 25,000 Nuclear Weapons
- 3,000 tons Civil and Military HEU and Pu
- 480 Research Reactors (160 with HEU)
- 100 Fuel Cycle Facilities
- 440 Operating Nuclear Power Plants
- 100,000 Cat I and II Radioactive Sources
- 1,000,000 Cat III Radioactive Sources
We always remind: "The minds of criminals are never at rest"

Cyber Security Threats to Nuclear Power Critical Infrastructure
Quotes from law enforcement:
- «Threats from cyber-espionage, computer crime, and attacks on critical infrastructure will surpass terrorism as the number one threat facing the United States.» - FBI Director Robert Mueller
- «In the same way we changed to address terrorism, we have to change to address cybercrime.» - FBI Director Robert Mueller

Administration and Congressional Interest
Recent Letters to Industry CEOs
- Senator Rockefeller in September 2012
- Congressman Markey and Congressman Waxman in January
Legislation unlikely in this Congress
White House Executive Order and Policy Directive

US NRC R.G. 1.152, Rev. 02, issued on 01/2006
Overview
To achieve the security of computer systems:
- Design the security characteristics meeting licensee requirements.
- Document the computer codes being developed.
- Install and maintain the computer systems according to the licensee cyber security program and administration procedures.
Regulatory Position
- Scope: Physical and Cyber Security
- Target: Digital Safety I&C Systems
- Method: Implementing the CS activities
Updated 2011, Rev 3: Non-Malicious only for life-cycle

US NRC R.G. 1.152, Rev. 02
Cyber Security Activities for Design Life Cycle
Life cycle phases: Planning; Requirement; Design; Implement; Test (Integration); Test (Validation); Installation; O & M
CS Activities (in slide order): CS Policy; CS Plan, CS Team, CS Analyses; Establish & Implement CS procedures; Risk Assessment (Vulnerability); CS Design; Integrated CS Assessment; Validation of CS Design; Activities for Installation Test; Periodic Test, CM

10 CFR 73.54, issued on 03/2009
10 CFR 73.54, Protection of Digital Computer and Communication Systems and Networks.
- Implementation: By 11/23/2009, all utilities should submit a CS plan (inc. implementation schedule) for NRC review and approval
- Target: System and Support Systems for Safety, Security and Emergency Preparedness (SSEP) functions
- Contents: Describes the activities to protect digital computer and communication systems and networks

US NRC R.G. 5.71, issued on 01/2010
Overview
- To provide a comprehensive approach to comply with 10 CFR 73.54
- To extend the CS target from the safety and safety-related I&C to the rest of the plant
- To recommend the detailed security controls
Regulatory Position
- Proposing the elements of a CS plan
- Providing the requirements for:
 - Establishing and Implementing a CS program with Technical Security Controls
 - Maintaining the CS program with Operational and Management Security Controls
 - Records Retention and Handling
Industry Side
- NEI 08-09 R6
- Security Life Cycle Process

IAEA Guidance Pub 17, Issued 2011
Computer Security at Nuclear Facilities
- Design Guidance & Considerations on Cyber Security Issues
- Management Guide
- Implementation Guide
Defense-in-depth Strategy
[Diagram: nested security zones with subzones 1A, 1B, 3A, 3B, 3C, 4B; Zone 1 labelled "No Remote Access", Zone 2 labelled "NPP IT Systems"]
- Zone 1: Electro-technical systems and I&C
- Zone 2: Process-computing systems
- Zone 3: Administrative computer systems
- Zone 4: External Systems

Cyber Security from NRC View
- Why: Threat and Consequence
- What: Modes of Protection
- How: Performance-Based Regulation

Why - Threat
- What is an Advanced Attack?
- What We Know / Don't Know
- Attack Vectors
- Internal/External

Why -- Threat

Cyber Security Roadmap
- Provides an update to the NRC Commission on the status of the implementation of cyber security requirements for power reactor licensees and Combined License applicants
- The Roadmap outlines the approach for evaluating the need for cyber security requirements for the following four categories of NRC licensees and facilities:
 - Fuel cycle facilities
 - Non-power reactors
 - Independent Spent Fuel Storage Installations
 - Byproduct materials licensees

NRC Milestone Commitments
Interim Milestones 1 through 7
- The extensive workload associated with full implementation of the Cyber Security Plan (CSP) requires prioritization to assure those activities that provide higher degrees of protection against radiological sabotage are performed first.
- Completed 12/31/2012
Milestone 8
- Full program implementation
- Site specific dates

What Modes of Protection

Challenges
- Scope of Cyber Security
- Breadth of Programs (Physical Security, Maintenance, Digital I&C Development, etc.)
- Monitoring the Threat-scape
- Workforce Training and Development

Conclusion: Necessity of CS: Why?
- All NPPs shall be licensed for CS in the near future.
- Use of fully digital devices in NPPs, such as computers, DCS, PLCs, networks, etc.
- Insufficient CS features in control systems against intruders.
- Hacking technologies are rapidly advancing.
- NPPs are part of the United States critical infrastructure that needs to be protected.

Paper Reactors, Real Reactors
Characteristics of an Academic Plant
- It is simple
- It is small
- It is cheap
- It is light
- It can be built very quickly
- It is very flexible in purpose.
- Very little development is required. It will use mostly off the shelf components.
- The reactor is in the study phase; it is not being built now.
Characteristics of a Practical Reactor Plant
- It is being built now.
- It is behind schedule.
- It is requiring an immense amount of development on apparently trivial items. Corrosion, in particular, is a problem.
- It is very expensive
- It takes a long time to build because of the engineering development problems.
- It is large
- It is heavy
- It is complicated
(By Admiral Hyman Rickover, 1953)

Presentation To: ANS Conn. Local Section
Thanks and Q&A!
Ted Quinn, ANS Past President
President, Technology Resources, tedquinn@cox.net
May, 2013