Research Papers

The Need for Integrated Cybersecurity and Safety Training

Deeksha Gupta

ICPGOP,
AREVA GmbH,
Henri-Dunant-Strasse 50,
Erlangen 91058, Germany
e-mail: deeksha.gupta@areva.com

Edita Bajramovic

ICPGOP,
AREVA GmbH,
Henri-Dunant-Strasse 50,
Erlangen 91058, Germany;
Department of Informatics,
Friedrich-Alexander-University
Erlangen-Nuremberg,
Martensstrasse 5,
Erlangen 91058, Germany
e-mail: edita.bajramovic@areva.com

Holger Hoppe

ICPGO,
AREVA GmbH,
Henri-Dunant-Strasse 50,
Erlangen 91058, Germany
e-mail: holger.hoppe@areva.com

Antonio Ciriello

ICM2,
AREVA GmbH,
Henri-Dunant-Strasse 50,
Erlangen 91058, Germany
e-mail: Antonio.Ciriello@areva.com

Manuscript received October 30, 2017; final manuscript received April 23, 2018; published online September 10, 2018. Assoc. Editor: John F. P. de Grosbois.

ASME J of Nuclear Rad Sci 4(4), 041006 (Sep 10, 2018) (7 pages) Paper No: NERS-17-1231; doi: 10.1115/1.4040372 History: Received October 30, 2017; Revised April 23, 2018

Companies involved in the nuclear energy domain, like component and platform manufacturers, system integrators, and utilities, have well-established yearly trainings on Nuclear Safety Culture. These trainings are typically covered as part of the annual quality assurance-related refresher trainings, introductory courses for new employees, or indoctrinations of temporary staff. Gradually, security awareness trainings are also addressed on a regular basis, typically with a focus on information technology, the daily office work, test bay, or construction site work environment, and some data protection and privacy-related topics. Due to emerging national nuclear regulation, steadily but surely, specialized cybersecurity trainings are foreseen for integrators and utilities. Beyond these safety-, physical security-, and cybersecurity-specific trainings, there is a need to address the joint part of these disciplines, starting from the planning phase of a new nuclear power plant (NPP). The engineers working on safety, physical protection, and cybersecurity must be aware of these interrelations to jointly elaborate a robust instrumentation and control architecture (defense-in-depth, design basis events, functional categorization and systems classification) and a resilient security architecture (security by design, security grading, zone model or infrastructure domain, security conduits, forensic readiness, security information and event management). This paper provides more in-depth justification of when and where additional training is needed, due to the ubiquitous deployment of digital technology in new NPPs. Additionally, for existing NPPs, the benefits of conveying knowledge by training on specific interfaces between the involved disciplines will be discussed. Furthermore, the paper will address the need for focused training of management stakeholders, as eventually, they must agree on the residual risk. The decision-makers are in charge of facilitating the interdisciplinary cooperation in parallel to the allocation of resources, e.g., on security certifications of products, extended modeling-based safety and security analyses and security testing coverage.

Copyright © 2018 by ASME

References

IAEA, 2010, “Nuclear Security Series No. 12: Educational Programme in Nuclear Security,” International Atomic Energy Agency, Vienna, Austria, Report No. IAEA NSS 10.
IAEA, 2011, “Nuclear Security Series No. 13: Nuclear Security Recommendations on Physical,” International Atomic Energy Agency, Vienna, Austria, Report No. IAEA NSS 13.
IEC, 2016, “Nuclear Power Plants—Instrumentation and Control Systems—Requirements for Coordinating Safety and Cybersecurity,” International Electrotechnical Commission, Geneva, Switzerland, No. IEC 62859.
Waedt, K., and Ding, Y., 2015, “Safety and Cybersecurity Aspects in the Safety I&C Design for Nuclear Power Plants,” Third China (International) Conference on Nuclear Power I&C Technology (CCNPIC), Shanghai, China, Apr. 8–10, p. 12.
Ding, Y., 2001, “Automation of an Entire Nuclear Power Plant, Taking Tianwan, China, as an Example,” WANO-Workshop Computer Based I&C-Systems Necessity for Continuous Improvement.
Xu, X., Li, Y., and Ding, Y., 2010, “Design Optimization and Operational Experiences of Digital Safety I&C in Tianwan NPP/China,” Symposium Digital Safety I&C, Sept. 14–18.
Graf, A., 2013, “From Safety Objectives to the I&C Design,” IAEA Workshop on Obsolescence Issues and Digital I&C Modernization Approaches in Buenos Aires, Atucha, Argentina, Mar. 4.
Ding, Y., 2014, Schutzzielorientiertes Design der Sicherheitsleittechnik, Atp ed., Vol. 56, Vulkan Verlag, Essen, Germany, pp. 54–61.
Waedt, K., 2012, “Establishing Cyber Security Programs for I&C Systems at Nuclear Facilities,” 43rd Annual Meeting on Nuclear Technology, Stuttgart, Germany, May 22–24, p. 6.
Waedt, K., Lillo, E., and Zavarsky, P., 2015, “Identification of the Critical Components of an ICS and Options to Protect Them,” World Institute for Nuclear Security (WINS) Workshop on Effective Integration of Physical Protection and Cyber Security, Vienna, Austria, Feb. 17–19.
ISO/IEC, 2011, “Information Technology—Security Techniques—Information Security Risk Management,” International Organization for Standardization, Geneva, Switzerland, No. ISO/IEC 27005.
IEC, 2013, “Industrial Communication Networks—Network and System Security—Part 3-3: System Security Requirements and Security Levels,” International Electrotechnical Commission, Geneva, Switzerland, No. IEC 62443-3-3.
Waedt, K., Kuskov, A., and Zavarsky, P., 2014, “Domain Based Security (DBSy) Applied to a Safety I&C Example,” IAEA Technical Meeting on Engineering and Design Aspects of Computer Security for I&C Systems at NPPs, Garching, Germany, Sept. 3–5.
IAEA, 2008, “Nuclear Security Series No. 8: Implementation Guidance, Preventive and Protective Measures Against Insider Threats,” International Atomic Energy Agency, Vienna, Austria, Report No. IAEA NSS 8.
IAEA, 2011, “Nuclear Security Series No. 10: Implementation Guidance, Development and Use of Design Basis Threats,” International Atomic Energy Agency, Vienna, Austria, Report No. IAEA NSS 10.
IAEA, 2008, “Nuclear Security Series No. 7, Implementation Guidance, Nuclear Security Culture,” International Atomic Energy Agency, Vienna, Austria, Report No. IAEA NSS 7.
Bajramovic, E., and Gupta, D., 2016, “Providing Security Assurance in Line With National DBT Assumptions,” First Annual Women in Nuclear (WiN), Shah Alam, Malaysia, Aug. 8–10, Paper No. 050005.
IEC, 2014, “Nuclear Power Plants—I&C Systems—Requirements for Security Programmes for Computer-Based Systems,” International Electrotechnical Commission, Geneva, Switzerland, Report No. IEC 62645.
Bajramovic, E., Waedt, K., Ciriello, A., and Gupta, D., 2016, “Project- and Plant-Specific Cybersecurity Awareness Training,” 42nd Annual Meeting of the SNE, Santander, Spain, Sept. 28–30, p. 8.
IAEA, 2010, “A Report by International Nuclear Safety Group, the Interface Between Safety and Security at Nuclear Power Plants,” International Atomic Energy Agency, Vienna, Austria, Report No. IAEA INSAG 24.
Gupta, D., and Bajramovic, E., 2016, “Security Culture for Nuclear Facilities,” First Annual Women in Nuclear (WiN), Shah Alam, Malaysia, Aug. 8–10, Paper No. 050014.

Figures

Fig. 1: Safety and security interface at the standards level

Fig. 2: Four levels of top down design process of safety I&C [4]

Fig. 3: Defense-in-depth with different defense lines [4]

Fig. 4: Examples of limiting the impact of security events to plant states [4,13]

Fig. 5: Critical infrastructure-related cybersecurity threat landscape [17]

Fig. 6: Cybersecurity awareness training process [17]

Fig. 7: Integrated safety and security training
