Cyber security in nuclear power and automation in general is a balancing act between regulatory compliance, real security, and functionality. Engineers and operators want the system to run smoothly. Regulators and utilities want to maintain safety and production capacity. Security specialists want to implement complex security products. Researchers and media are flagging the myriad vulnerabilities. This paper discusses how to implement security measures that provide value as well as compliance. It will start with a high-level strategy for implementing controls based on NRC Regulatory Guide 5.71 and NEI 08-09. Next, lessons learned from implementing security in instrumentation and control systems will be presented, with the AP1000® nuclear power plant as an example. The paper will conclude with a process for measuring and documenting security measures in order to support compliance and detect vulnerabilities.