HIGH ASSURANCE CYBESECURITY CONTROLS AGAINST PERSISTENT AND TARGETED ATTACKS ON INSTRUMENTATION AND CONTROL SYSTEMS IN NUCLEAR FACILITIES

摘要

In the paper, an insight into two high assurance cybersecurity plan templates for nuclear facilities, namely the templates of the NRC RG 5.71:2010 and NEI 08-09 Rev.6:2010, is provided. The two cybersecurity plan templates were developed to assist nuclear industry to comply with legal requirements of Title 10 of the U.S. Code of Federal Regulation §73.54. Regarding the compliance with the regulatory requirement, the paper discusses the concept of cybersecurity control overlays as a way to achieve a higher level of assurance that instrumentation and control systems in nuclear facilities are adequately protected against both legacy and advanced targeted attacks. In the paper, the control overlays are considered within the concept of layered defense-in-depth. Examples are shown to illustrate that control overlays applied to individual layers of the defense-in-depth result in a cybersecurity protection that can be modelled as an orthogonal two-dimensional layering of security controls. It is emphasized that the two-dimensional layering of security controls makes each layer of the defense-in-depth protection more robust against both intentional and unintentional compromise and in such way facilitates a higher level of assurance of an adequate protection against advanced cyberattacks.