atw 2017-06

More documents

Recommendations

Info

atw Vol. 62 (2017) | Issue 6 ı June 396 OPERATION AND NEW BUILD does not require electrically driven components. Westinghouse determined the required amount of water spray needed to cool the spent fuel pool during Design Extension Conditions A and B analytically; designed the system’s hydraulics to provide sufficient flow rates for the volume; defined the corresponding pipe diameters; and determined the pipe routing, based on the on the local space restrictions around Krško Nuclear Power Plant’s spent fuel pool. Westinghouse also conducted experimental testing at the Lechler GmbH Technology Center Metzingen to determine the coverage and distribution of the spent fuel pool spray nozzles and to confirm the spray height, setting angle horizontal orientation, pressure and volume of water flow. The spent fuel pool spray system is planned to be installed by the end of 2017. References [1] Western European Nuclear Regulators Association (WENRA): WENRA Safety Reference Levels for Existing Reactors, September 2014. [2] Nuclear Energy Institute (NEI): B.5.b Phase 2 & 3 Submittal Guideline, Revision 2, NEI 06-12, December 2006. [3] Sandia National Laboratories: Mitigation of Spent Fuel Pool Loss-of Coolant Inventory Accidents And Extension of Reference Plant Analyses to Other Spent Fuel Pools, Sandia Letter Report, Rev. 2, November 2006. [4] Lechler GmbH, Technology Center Metzingen. Authors Dipl.-Ing. Christoph Hartmann Project Engineer Safety Engineering Dr.-Ing. Zoran Vujic Marketing Manager Business Development Westinghouse Electric Germany GmbH Dudenstraße 6 68167 Mannheim, Germany Cyber Security in Nuclear Power Plants and its Portability to Other Industrial Infrastructures Sébastien Champigny, Deeksha Gupta, Venesa Watson and Karl Waedt Introduction This technical contribution provides a snapshot of the current cyber security efforts in different industry domains. We argue that stringent security controls (countermeasures) that are already in place for nuclear power plants (NPP) can be ported to other industry domains. A reason for this is that the nuclear domain is more formally regulated, thus graded security requirements were already mandated long before the critical infrastructure debates started and before gradual enforcement of the European and national legislation. Note: Generally, in the nuclear and industrial automation domain, the term “control” is used mainly to denote Instrumentation and Control (I&C), Industrial Automation and Control Systems (IACS) or SCADA (Supervisory Control and Data Acquisition) referring to control theory tasks. However, in the security context, the term “Security Control” is ubiquitous, and means any countermeasure that can reduce the systems risk due to security threats. Countermeasures are not limited to add-on provisions at the components or systems level. For example, they also include provisions at the software source code level. In Section 1, we will provide an overview of current international and national cyber security guidance, and how this guidance evolved for International Atomic Energy Agency (IAEA), Nuclear IEC and selected countries. Section 2 summarises the increasing cyber security efforts for Industrial Automation and Industry 4.0 as well as its Chinese “Manufactured in China 2025” and US “Industrial Internet of Things” counterparts. Section 3 provides reasons for the portability of Security Controls from Nuclear to other industrial infrastructure. Summary provides an outlook on the newest cyber security-related activities in the different domains, and concludes with a summary of the main steps that are necessary for achieving and maintaining a target security level. 1 Cyber security and safety requirements for NPPs In the nuclear domain, for Safety, Human Factors Engineering, Physical Security, Radiation Protection and Cyber Security, the international top-level guidance is provided by the IAEA. The IAEA guidance is regularly updated based on priorities set by yearly or bi-yearly meetings of representatives of all IAEA member states. The overall IAEA Cyber Security guidance is refined, e.g. for Instrumentation & Control (I&C) and Electrical Systems (ES), by the Nuclear IEC subcommittees. However, each country may supersede the international guidance by providing a mandatory higher priority regulation, as will be addressed in section 1.4 for selected countries. 1.1 Stringent and graded security requirements for I&C already since 1986 Safety and security grading are essential when addressing critical industrial infrastructures. Grading by Safety Categories in IEC 61226 and Safety Classes in IEC 61513, were already in place since the first editions of these standards. The softwarespecific requirements for software implementing Category A or Category Operation and New Build Cyber Security in Nuclear Power Plants and its Portability to Other Industrial Infrastructures ı Sébastien Champigny, Deeksha Gupta, Venesa Watson and Karl Waedt
atw Vol. 62 (2017) | Issue 6 ı June B and C I&C functions, are also graded by the respective standards IEC 60880:1986 and IEC 62138. The first edition of IEC 60880:1986 already contained explicit requirements on security during software development and security during software deployment, two essential phases in the software development lifecycle. 1.2 Overall IAEA Cyber security Guidance The IAEA Cyber security Guidance is published in the IAEA Nuclear Security Series (NSS). Currently the top-level guidance is IAEA NSS 17 from 2011. Developing this guidance took several years with considerable input by member states provided since 2006, and essential agreements being achieved during the first major IAEA cyber security conference in summer 2011. IAEA NSS 17 introduces a graded security approach with 5 security levels and recommendations on security zones. IAEA NSS 17 is complemented by IAEA NSS 8 on preventive and protective measures against insider threats, and further IAEA NSS guidance, including IAEA NSS 12, on a comprehensive educational program in nuclear security. 1.3 Nuclear IEC Cyber security Standards Subsequently, the three major Nuclear IEC cyber security standards will be introduced. 1.3.1 The Top-level Nuclear IEC Cyber security Standard After initial attempts to structure the top-level nuclear IEC standard according to nuclear safety and other criteria, finally, a core-team devised the alignment with the most popular information security standard ISO/ IEC 27001:2005 then in place. This structuring was proposed mainly in order to reduce the initial training needs of security staff already familiar with the mainstream standards, and in order to avoid annexes with cumbersome mappings. While ISA99 experts were involved in the development of the first toplevel nuclear IEC 62645:2013 cyber security standard, an alignment with ISA99 industrial cyber security standards or the corresponding IEC 62443-x-x was ultimately not attempted, as several planned parts of the IEC 62443-x-x series were not yet available and because the Security grading follows a different approach, as will be addressed in a subsequent section. | | Fig. 1. Safety functions, process functions and I&C functions. 1.3.2 Coordinating safety and cyber security by IEC 62859 Whether safety and cyber security should be considered jointly or subsequently, is a part of ongoing debates in different industry domains. For nuclear, the security grading is directly related to the potential impact of a security attack on nuclear safety. Figure 1 shows the hierarchical refinement from Safety Objectives (level 1) down to I&C Functions (level 3 and 4). Main safety objectives are control of reactivity, residual heat removal and confinement of radioactive material. Cyber security is applied at the level of I&C and IT equipment while considering the potential impact of manipulations on Safety Functions and Safety Objectives. IEC 62859:2016 [1] specifies the main requirements for coordinating safety and cyber security. In other industries, work on this important topic was just started, e.g. by the new working group WG20 of IEC TC65. 1.3.3 Detailed security controls for nuclear by IEC 63096 Similar to the alignment of IEC 62645 with ISO/IEC 27001, the new working draft IEC 63096 is being aligned with the ISO/IEC JTC1/SC27 WG1 standard ISO/IEC 27002:2013. This nuclear IEC standard extends the generic security controls of ISO/IEC 27002 by recommendations for each security level: BR (Baseline Requirements), S3, S2 and S1 (highest security level). It also provides guidance for the main I&C and ES (Electrical Systems) lifecycle phases: Product & Platform Development, Engineering and Operation & Maintenance. Additionally, it provides security control specific guidance for legacy I&C and ES systems. As a sector-specific standard, similar to ISO/IEC 27009 [3], for non-nuclear utilities, IEC 63096 provides guidance that is structured and formatted in principle in line with ISO/IEC 27009 which provides common guidance on the elaboration of sector-specific security controls and Information Security Management Systems (ISMS) standards. 1.4 International and national nuclear cyber security regulations Table 1 lists the international standards discussed above, along with the national standards for Germany, USA and the UK. In Germany, SEWD (Schutz gegen Störmaßnahmen oder sonstige Einwirkungen Dritter/Protection against Disruptive Acts or Other Intervention of Third Parties) is a requirement found in §6 para. 2 no. 4 Atomic Energy Act. released in 1959. [7]. Licenses for the storage of nuclear fuels are only granted once risks and threats, as a result of SEWD, can be considered as negligible. Created by Congress in 1974, the USA’s NRC regulates commercial nuclear power plants and other uses of nuclear materials. NRC RG 5.71 [4] provides guidelines for the protection of digital computer and communication systems and networks from cyberattacks, against which licensees should provide assurance. The Nuclear Energy Institute (NEI) 08-09 “Cyber Security Plan for Nuclear Power Reactors” provides a generic template for a cyber security plan, which must be used by licensees to develop their cyber security plans to be submitted to the NRC [8]. The HMG IA (Information OPERATION AND NEW BUILD 397 Operation and New Build Cyber Security in Nuclear Power Plants and its Portability to Other Industrial Infrastructures ı Sébastien Champigny, Deeksha Gupta, Venesa Watson and Karl Waedt
Page 1 and 2: nucmag.com 2017 6 ISSN · 1431-5254
Page 3 and 4: atw Vol. 62 (2017) | Issue 6 ı Jun
Page 5 and 6: Kommunikation und Training für Ker
Page 31: atw Vol. 62 (2017) | Issue 6 ı Jun
Page 67 and 68: PROGRAMME OUT NOW VGB CONGRESS 2017

atw 2017-06

Create successful ePaper yourself

Delete template?

Save as template?