STUDY OF REQUIREMENTS AND CYBER SECURITY ANALYSIS OF THE SOFTWARE OF INFORMATION AND CONTROL SYSTEMS OF NPP, IMPORTANT FOR SECURITY
DOI:
https://doi.org/10.28925/2663-4023.2024.23.111131Keywords:
cyber security; software; information and control systems; nuclear power plants; energy.Abstract
In order to counter cryptoattacks on elements of critical infrastructure, in particular on computer control systems of nuclear power plants, the goal achieved in this work is to analyze the requirements for computer security (cyber security) of the software of this system, which are relevant to the stage of its design, development and operation, as well as proposed criteria and methodology for calculating the quality of compliance with these requirements. To achieve the goal, the first section of the article provides information on standards and identified requirements for software cyber security. In the second section, an analysis of the requirements is carried out and an approach to software development is described, taking into account these requirements and analyzing their consideration. In the third section, an approach to calculating the performance indicator of software cyber security requirements is proposed. The fourth chapter provides an example of the application of this approach to the existing computerized NPP management system to assess compliance with cyber security requirements. The article discusses the requirements of the international standard IEC62645 and the industry standard of Ukraine “NP 306.2.237-2022”, which are related to the development of software for the computer control system of nuclear power plants. Ensuring cyber protection of the software of the NPP computer management system is a complex task that includes administrative, legal, technical, cultural, and organizational components. From the point of view of software development and operation, the main cyber security measures include software code verification, ensuring the absence of hidden functions, implementing physical equipment protection, security of software components, authentication, security during data exchange. To determine the compliance of the software with the requirements of cyber protection, it is necessary to determine the requirements applicable to each component of the software and conduct an analysis of their implementation. This action should occur continuously during the development of new software and software evaluation of existing computer control systems. After the analysis of the applicability and fulfillment of the requirements, the calculation of the coefficient of the fulfillment of the requirements can be carried out. It was noted that cyber protection is only a component of the quality of the software of the NPP computer control system, which is important for the performance of security functions. The analysis of requirements and the calculation of the coefficient of their fulfillment can be an integral part of the complex model of the software development process of the computer system of NPP management.
Downloads
References
Nuclear power plant. (2019). VUE. https://vue.gov.ua/Атомна_електростанція
Operating NPPs of Ukraine. (n.d.). Uatom.org. https://www.uatom.org/zagalni-vidomosti
War and atomic energy: how Zaporizhia NPP works under occupation. (n.d.). Suspilne|News. https://suspilne.media/254222-vijna-ta-atomna-energia-ak-pracue-zaporizka-aes-pid-okupacieu/
These countries have the most nuclear reactors. (2019). Weforum. https://www.weforum.org/agenda/2019/11/countries-that-have-the-most-nuclear-power-alternative-energy-electricity-climate-change/?DAG=3&gad_source=1&gclid=CjwKCAiAyp-sBhBSEiwAWWzTnlkktfFh8DZ27khXqhSO76F18heFwSfVPxqo1oN07YwKaMUU_SjOMBoCpe0QAvD_BwE
Cyber attacks of the Russian Federation. Chronology. (2018). Ministry of Defence Ukraine. https://www.mil.gov.ua/ukbs/kiberataki-rosijskoi-federaczii-hronologiya.html.
The biggest cyber attacks against Ukraine since 2014. Infographics. (n.d.). news of Ukraine and the world. main and latest news – NV. https://nv.ua/ukr/ukraine/events/najbilshi-kiberataki-proti-ukrajini-z-2014-roku-infografika-1438924.html
Ukrainian Pravda. (2023). Cyber attack on “Kyivstar”: how hackers managed to “make” a connection and whether such attacks are possible in the future? https://www.pravda.com.ua/podcasts/63bff58767d28/ 2023/12/21/7434067/
The SSU is helping Kyivstar restore the network. (n.d.). https://ssu.gov.ua/novyny/sbu-dopomahaie-kyivstaru-vidnovyty-robotu-merezhi
The state of cybersecurity in 2023 - Just Food | Issue 52 | June 2023. (б. д.). Home | Slimmer pickings? - Just Food | Issue 55 | March 2024. https://just-food.nridigital.com/just_food_jun23/cybersecurity-trends-market-forecast-2023
Enemy hackers are attacking the critical infrastructure of Ukraine: it is necessary to constantly work on strengthening protection. (2023). State Service of Special Communications and Information Protection of Ukraine. https://cip.gov.ua/ua/news/vorozhi-khakeri-atakuyut-kritichnu-infrastrukturu-ukrayini-pracyuvati-nad-posilennyam-zakhistu-treba-postiino
Vintenko, B., et al. (2023). Study of regulatory documents and industry standards for the development of software for NPP computer control systems important for safety. Control, navigation and communication systems, 2(72), 170–178. https://doi.org/10.26906/SUNZ.2023.2.170
Vintenko, B., et al. (2023). Study of the requirements of international standards IEC60880 and IEC62138 for the development of software for information and control systems of nuclear power plants important for safety. Control, navigation and communication systems, 3(73), 155–166. https://doi.org/10.26906/SUNZ.2023.3.155
Nuclear power plants - Instrumentation and control systems important to safety - Software aspects for computer-based systems performing category A functions (IEC 60880:2006). (2006). International Electrotechnical Committee.
Nuclear power plants - Instrumentation and control systems important for safety – Software aspects for computer-based systems performing category B or C functions. (IEC62138-2004). (2004). International Electrotechnical Commission.
Simonov, A., et al. (2019). Computer security of NPP information and control systems: documents justifying computer security. Nuclear and radiation safety, 4(84), 73–81. https://doi.org/10.32918/nrs.2019.4(84).09
Limba, T., et al. (2017). Cyber security management model for critical infrastructure. Entrepreneurship and Sustainability Issues, 4(4), 559–573. https://doi.org/10.9770/jesi.2017.4.4(12)
Nuclear power plants - Instrumentation and control systems – Requirements for security programmes for computer-based systems. (IEC62645-2014). (2014). International Electrotechnical Commission.
Requirements for cyber protection of information and control systems of nuclear plants to ensure nuclear and radiation safety. (NP 306.2.237-2022). (2022). State Nuclear Regulatory Commission of Ukraine.
Nuclear power plants - Instrumentation and control important to safety – Classification of instrumentation and control functions. (IEC61226-2009). (2009). International Electrotechnical Commission.
Bakhmach, Y., et al. (2008).Failure-resistant information and control systems on programmable logic. “KHAI” NAU, “Radio” R&PE.
Published
How to Cite
Issue
Section
License
Copyright (c) 2024 Борис Вінтенко, Ірина Миронець, Олексій Смірнов, Оксана Кравчук, Наталія Козірова, Григорій Савеленко, Анна Коваленко
This work is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.
