Кіберзахист інформаційних та керуючих систем АЕС
The article is devoted to the issues of risk assessment, in particular, to the cybersecurity risk assessment of instrumentation and control systems (I&C systems) of nuclear power plants (NPP) using the risk-informed approach. The authors focus on the urgent issue of ensuring information secu...
Збережено в:
| Дата: | 2022 |
|---|---|
| Автори: | , , , |
| Формат: | Стаття |
| Мова: | Ukrainian |
| Опубліковано: |
State Scientific and Technical Center for Nuclear and Radiation Safety
2022
|
| Онлайн доступ: | https://nuclear-journal.com/index.php/journal/article/view/1008 |
| Теги: |
Додати тег
Немає тегів, Будьте першим, хто поставить тег для цього запису!
|
| Назва журналу: | Nuclear and Radiation Safety |
Репозитарії
Nuclear and Radiation Safety| Резюме: | The article is devoted to the issues of risk assessment, in particular, to the cybersecurity risk assessment of instrumentation and control systems (I&C systems) of nuclear power plants (NPP) using the risk-informed approach. The authors focus on the urgent issue of ensuring information security and cybersecurity of nuclear facilities, taking into account the lack of full understanding the risk of cyber incidents. The important step to solve this issue is cybersecurity risk assessment to determine the probability of cyber-attacks and their potential consequences. Cybersecurity risk assessment allows identifying cybersecurity risk at the general and system level. In addition, it allows implementing cybersecurity measures based on the graded approach upon the results of the appropriate assessment and, as a result, to ensure the flexibility and adaptability of cybersecurity implementation.
The requirements for risk assessment and management without taking into account the specifics of the object (enterprises/institutions and/or systems etc.), assessment and management of information security risk, as well as cybersecurity risk of nuclear facilities are considered.
Using the risk-informed approach to assessing cybersecurity of the NPP I&C systems is described in the article. This approach provides a systematic cybersecurity risk assessment and management at each stage of the I&C system life cycle and allows preventing the use of vulnerabilities by attackers, which can lead to nuclear and radiation safety decrease.
The information about the recommended methodologies for cybersecurity risk assessment of the NPP I&C systems is provided. It was separately noted that currently, no regulatory document requires the use of a specific methodology for cybersecurity risks assessment of the NPP I&C systems. However, the most urgent issue of using the risk-informed approach to the cybersecurity assessment of the NPP I&C systems is the necessity to develop a methodology that will enable a comprehensive cybersecurity risk assessment of the NPP I&C systems. Moreover, it should take into account the features and specifics of ensuring nuclear and radiation safety at NPPs. |
|---|