atw Vol. 63 (2018) | Issue 5 ı May

ENVIRONMENT AND SAFETY 288

Fig. 6. Attack Tree Analysis based on Security Controls.

then associated to a timeline. Therefore, log files should either be on or enabled.

[Figure labels: Record 1 (deleted); Record 2 (new generated)]

4. Direct logging without relying on process control software

Direct and completely independent logging of the data is another detective security control. The data should be stored in analog and binary variables before it is collected together, as in Security Information and Event Management (SIEM) [20]. As shown in Figure 7, the values of regular changes in centrifuge pump speed could be stored in a separate system before they are sent to the central data storage system. This security control helps keep the data secure in case an attacker makes any changes to the central display of the data.
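The cross-check that this control makes possible, as an added example (not code from the original paper): samples logged directly at the device are reconciled against the central store to flag records that were deleted, altered or newly generated. The tag name PUMP1_SPEED, the tolerance and all sample values are constructed assumptions.

```python
from typing import NamedTuple


class Sample(NamedTuple):
    timestamp: str  # ISO-8601 time of the reading
    tag: str        # signal name (hypothetical, e.g. a pump speed tag)
    value: float    # analog value (speed) or binary value (0/1)


def reconcile(independent, central, tolerance=0.5):
    """Compare directly logged samples with the central data store.

    Returns a dict with three lists of findings:
      missing  - logged at the device but absent from the central store
      altered  - present in both, values differ by more than tolerance
      injected - present centrally but never seen by the direct logger
    """
    direct = {(s.timestamp, s.tag): s.value for s in independent}
    stored = {(s.timestamp, s.tag): s.value for s in central}
    findings = {"missing": [], "altered": [], "injected": []}
    for key, value in sorted(direct.items()):
        if key not in stored:
            findings["missing"].append(key)
        elif abs(stored[key] - value) > tolerance:
            findings["altered"].append((key, value, stored[key]))
    findings["injected"] = sorted(k for k in stored if k not in direct)
    return findings


# Constructed sample data: what the independent logger recorded ...
INDEPENDENT = [
    Sample("2016-06-15T12:38:00", "PUMP1_SPEED", 100.0),
    Sample("2016-06-15T12:39:00", "PUMP1_SPEED", 250.0),
    Sample("2016-06-15T12:40:00", "PUMP1_SPEED", 250.0),
]
# ... and what the central store shows after manipulation.
CENTRAL = [
    Sample("2016-06-15T12:38:00", "PUMP1_SPEED", 100.0),
    Sample("2016-06-15T12:39:00", "PUMP1_SPEED", 100.0),  # value changed
    # the 12:40 record has been deleted
    Sample("2016-06-15T12:41:00", "PUMP1_SPEED", 100.0),  # newly generated
]

if __name__ == "__main__":
    for kind, items in reconcile(INDEPENDENT, CENTRAL).items():
        print(kind, items)
```

The comparison is only meaningful if the independent log cannot be written from the central system, for example when it is fed over a one-way path.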

5. Other security controls

Periodic scans of the software should be performed to avoid abnormalities in the system. Handling of newly generated files is also important to avoid any cyber-attack.

Fig. 7. Direct Logging of Speed of a Centrifuge Pump.

Tab. 1. An Example of Naming Convention.

100_Room1_2016-06-15_12:38

250_Room1_2016-06-15_12:38

NEI 08-09 requires that log records be reviewed at least every 92 days, or as required by the Physical Security Plan. In addition, each newly generated file should follow the predefined naming convention. Each generated file should have a source, and each newly created file should have a property specifying its source, as shown in Table 1, so that no one can overwrite an existing file with malicious code.

Conclusion

Non-targeted cybersecurity attacks, e.g. malware that is not conceived for the manipulation of a specific target, can be sophisticated. Completely preventing these attacks, as well as Advanced Persistent Threats, cannot be achieved by protective security controls alone. Detective security controls are necessary to identify attacks within a reasonable time frame, and they are the precondition for initiating the application of protective controls. Accordingly, resilient implementations of detective security controls are needed, in line with the stringency of the security grading. In this paper the most important detective controls, like logging at all relevant levels, were addressed. The benefits of securing the information generated by the detective controls by using data diodes were explained, together with example architectures that merge the collected security intelligence as input to a central Security Information and Event System. As two important conceptual extensions, security controls based on independent data collection directly from physical devices, and the monitoring and evaluation of analog and binary signal value transients, were introduced. Implementing appropriate combinations of these resilient detective security controls will help in improving the security posture of refurbished and new power plants.


Detective Application Security Controls for Nuclear Safety ı Deeksha Gupta, Karl Waedt and Yuan Gao
