PROJECT METHODOLOGY FOR THE IMPLEMENTATION OF CYBER SECURITY CONTROLS

摘要

Nuclear licensees in the United States are required by Title 10, Part 73, "Physical Protection of Plants and Materials," Section 73.54, "Protection of Digital Computer and Communication Systems and Networks," of the Code of Federal Regulations, to 'provide high assurance that digital computer and communication systems and networks are adequately protected against cyber attacks, up to and including the design basis threat as described in 10 CFR Part 73, Section 73.1'. This paper describes a project methodology for the analysis, design and implementation of cyber security controls for process monitoring and control systems in a nuclear power plant. The framework used is the Nuclear Energy Institute Cyber Security Plan for Nuclear Power Reactors, NEI 08-09 [Rev 6]. Challenges facing nuclear licensees are identified and addressed. The project methodology addresses some of the unique requirements of a nuclear plant, viz. a secure development environment, the regulatory framework, identification of digital equipment and networks, interoperability and integration of proposed solutions and scalability. Major project phases are Planning, Analysis, Design, Development, Validation and Implementation.