Abstract

Individual systems or groups of systems belonging to the safety and operational instrumentation and control (I&C) and electrical systems are gradually replaced in existing nuclear power plants (NPPs) as part of modernization projects. Modernizations are usually scheduled over multiple years. Different automation platform generations and safety-related product families are deployed to progressively replace legacy systems. Typically, each new I&C platform and product has its own set of engineering tools. One challenge for the modernization of installed systems is the safety and security approval of these heterogeneous systems by regulatory bodies. An NPP consists of systems manufactured by different vendors that target different application domains, such as category A according to IEC 61226 for a reactor protection system, category C for some control room data processing systems, or non-classified for auxiliary systems. Thus, replacing a legacy system by introducing a new one might bring in unknown risks, especially when the new system has more complex interfaces, e.g., when an analog system is replaced by a digital one. Moreover, given time and budget limitations, commercial off-the-shelf (COTS) hardware and software are also involved in modernization projects. In contrast to specialized equipment, vulnerabilities of COTS products are widespread. On the other hand, existing security measures and mitigations are also required to reflect the system's changes, e.g., mitigations for known vulnerabilities of COTS systems. In order to perform an overall and integrated safety analysis after a system change within a modernization project, it is necessary to jointly consider these I&C systems targeting different application domains, in addition to the physical aggregates, like sensors, pumps, and valves, that interact with the physical processes. The restrictive deployment of wireless technologies may also be modeled and analyzed. While wireless is not deployed by legacy systems, it is being covered by new nuclear IEC standards, as some utilities intend to simplify selected I&C maintenance procedures that involve temporary data collection. The key modeling concepts take into account new developments in the critical infrastructure and industrial automation domain. With the integrated modeling approach, different disciplines can be addressed, like probabilistic and deterministic safety analyses, security assessments, the need for testing, and specialized training.
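The abstract argues that a modernization step has to be assessed against an integrated model of the plant's I&C systems: their IEC 61226 category, their interfaces, any COTS parts with known vulnerabilities, the mitigations on record, and any wireless equipment introduced for maintenance. The following Python sketch is an added illustration of that idea, not code from the paper or its authors. It builds a tiny "before" and "after" plant model for an analog-to-digital replacement and reports the changes a safety and security reviewer would want to see: new systems, new interfaces, interfaces that newly join systems of different safety categories, newly added wireless equipment, and COTS vulnerabilities without a recorded mitigation. Every system name, vendor, component, vulnerability identifier and mitigation in it is a constructed placeholder; the cross-category flag is a heuristic added here, not a rule stated in the abstract.

```python
"""Added example (not from the paper): a minimal integrated I&C plant model and a
change-impact check for one modernization step.  All systems, vendors, components,
vulnerability ids and mitigations below are constructed placeholders."""
from dataclasses import dataclass, field

# IEC 61226 categories named in the abstract; "NC" stands for non-classified.
CATEGORIES = ("A", "B", "C", "NC")


@dataclass(frozen=True)
class Component:
    name: str
    cots: bool = False
    known_vulns: frozenset = frozenset()   # placeholder ids, constructed


@dataclass
class ICSystem:
    name: str
    vendor: str
    category: str                                      # one of CATEGORIES
    digital: bool
    wireless: bool = False                             # e.g. temporary data collection
    interfaces: set = field(default_factory=set)       # names of peer systems
    components: list = field(default_factory=list)
    mitigations: dict = field(default_factory=dict)    # vuln id -> measure on record

    def __post_init__(self):
        if self.category not in CATEGORIES:
            raise ValueError(f"unknown IEC 61226 category {self.category!r}")


def unmitigated_vulns(system):
    """Known vulnerabilities of the system's COTS parts with no mitigation on record."""
    gaps = set()
    for comp in system.components:
        if comp.cots:
            gaps |= {v for v in comp.known_vulns if v not in system.mitigations}
    return gaps


def interface_pairs(plant):
    """Undirected (a, b) interface pairs, restricted to systems present in the model."""
    pairs = set()
    for system in plant.values():
        for peer in system.interfaces:
            if peer in plant:
                pairs.add(tuple(sorted((system.name, peer))))
    return pairs


def change_impact(before, after):
    """Compare two plant models (name -> ICSystem) and report what changed."""
    new_ifaces = interface_pairs(after) - interface_pairs(before)
    # Heuristic added here: a new interface joining systems of different safety
    # categories is flagged so its decoupling can be reviewed.
    cross = {(a, after[a].category, b, after[b].category)
             for a, b in new_ifaces if after[a].category != after[b].category}
    return {
        "new_systems": set(after) - set(before),
        "removed_systems": set(before) - set(after),
        "analog_to_digital": {n for n in after
                              if n in before and not before[n].digital and after[n].digital},
        "new_interfaces": new_ifaces,
        "cross_category_interfaces": cross,
        "wireless_added": {n for n in after
                           if after[n].wireless and (n not in before or not before[n].wireless)},
        "unmitigated": {n: unmitigated_vulns(s) for n, s in after.items()
                        if unmitigated_vulns(s)},
    }


def build_before():
    """Constructed legacy state: analog protection system, digital data processing."""
    rps = ICSystem("RPS", "VendorLegacy", "A", digital=False,
                   interfaces={"CR-DataProc"}, components=[Component("relay-logic")])
    dps = ICSystem("CR-DataProc", "VendorX", "C", digital=True, interfaces={"RPS"},
                   components=[Component("cots-os", cots=True,
                                         known_vulns=frozenset({"VULN-PLACEHOLDER-1"}))],
                   mitigations={"VULN-PLACEHOLDER-1": "vendor patch applied, verified in test bay"})
    return {s.name: s for s in (rps, dps)}


def build_after():
    """Constructed modernized state: digital RPS plus a wireless COTS service unit."""
    plant = build_before()
    plant["RPS"] = ICSystem("RPS", "VendorNew", "A", digital=True,
                            interfaces={"CR-DataProc", "ServiceUnit"},
                            components=[Component("platform-cpu")])
    plant["ServiceUnit"] = ICSystem("ServiceUnit", "VendorNew", "NC", digital=True,
                                    wireless=True, interfaces={"RPS"},
                                    components=[Component("cots-laptop", cots=True,
                                                          known_vulns=frozenset({"VULN-PLACEHOLDER-2"}))])
    return plant


if __name__ == "__main__":
    for key, value in change_impact(build_before(), build_after()).items():
        print(f"{key}: {value}")
```

The report is deliberately a plain dictionary so it can feed whichever downstream discipline the abstract lists: the unmitigated-vulnerability and cross-category entries go to the security assessment, the analog-to-digital entry to the deterministic and probabilistic safety analyses, and the wireless entry to the review of maintenance procedures.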
