The Research on Instrumentation and Control Network Security Management System for Nuclear Power Plants

Project: Atomic Energy CouncilAtomic Energy Council Commission Research

Project Details

Abstract

Modern nuclear power plants have been adopting open standards in their digital networks to enhance extensibility and interoperability. This also opens another possibility for an attacker to intrude into the networks. To prevent digital networks from being attacked, the U.S. Nuclear Regulatory Commission provides guidelines regarding achieving high reliability and design quality requirements. However, quality assurance in hardware/software components is not sufficient to ensure the security of the overall network system. Security policies and sound system administration are also indispensable factors to rigid security. To achieve the goal of rigid security, the British Standards Institution establishes the BS7799-2 standard for building information security management systems; this standard is featured with a thorough consideration of every aspect in information security. In 2005, BS7799-2 was recognized as ISO27001:2005 by the International Organization for Standardization and became the first international standard for information security management system. The Taiwan government organized the National Information and Communication Security Taskforce in 2001, which is responsible for creating an overall protection system for information and communication systems in public sector organizations. The BS7799-2 standard is the foundation of all the security processes. To enhance the level of security protection in the Taiwan nuclear power plants, this investigation aims at the scope of digital instrumentation and control networks in the Fourth Nuclear Power Plant, takes advantages of the guidelines of NEI-04-04 and RG 1.152, follows the network security standard of NUREG-0800 Appendix 7.1-D and attempts to plan and design an ISMS based on the methodology of BS7799. With the experience of acquiring the certificate of BS7799 Lead Auditor Course, the investigator can produce a comprehensive report of ISMS implementation. The result of this investigation will be able to help nuclear power plants to organize and establish the first phase of Instrumentation and Control Network Security Management System (ICNSMS), which thinks over information and network security issues in a comprehensive perspective.

Project IDs

Project ID:PG9706-0144
External Project ID:972001INER005
StatusFinished
Effective start/end date01/01/0831/12/08

Keywords

  • Vulnerability Analysis
  • Risk Assessment
  • Information Security Management System

Fingerprint

Explore the research topics touched on by this project. These labels are generated based on the underlying awards/grants. Together they form a unique fingerprint.