5th Nuclear Power Plant I&C Symposium (NuPIC 2013)
Review of Critical Digital Asset Identification and Security Control Application Methods
이 정 권
2013. 11. 7
I&C Design Group, Reactor Design Development Division
Contents
1. Cyber Security Regulatory Requirements
2. Cyber Security Plan (CSP) Overview
3. CSs & CDAs Identification Procedure
4. Review of Cyber Security Controls
5. CDA Control Compliance Review
6. Summary
1. Cyber Security Regulatory Requirements

■ Background (regulatory timeline, 2004 to 2013)
Risk-based approach
- NUREG/CR-6847, "Cyber Security Self-Assessment Method for U.S. NPP", 2004
- NEI 04-04, "Cyber Security Program for Power Reactors", 2005
Control-based approach
- 10 CFR 73.54, "Protection of Digital Computer and Communication Systems and Networks", Mar. 2009
- RG 5.71, "Cyber Security Programs for Nuclear Facilities", Jan. 2010
- NEI 08-09 (Rev. 6), "Cyber Security Plan for Nuclear Power Reactors", April 2010
- NEI 10-04 (Rev. 2), "Identifying Systems and Assets Subject to the Cyber Security Rule", July 2012
UAE project cyber security
- FANR-REG-08 Article 24, "Cyber Security"
- FANR-RG-011, "Guidance on Cyber Security at Nuclear Facilities", 2012
- BNPP Cyber Security Plan (Rev. 0)
- Directed CCR ENA-CCR-13-0089, 2013
■ Purpose and Scope
Demonstrate that the DCCSN* associated with the following functions are adequately protected against cyber threats (including the DBT).
* DCCSN: Digital Computer and Communication Systems and Networks

RG 5.71 requirements: SSEP functions
- Safety-related and important-to-safety functions
- Security functions
- Emergency Preparedness functions, including offsite communications
- Support Systems and Equipment which, if compromised, would adversely impact SSEP functions
Examples given on the slide: electrical power, heating, ventilation and air conditioning, communications, fire suppression, or any system, etc.; handling, testing and maintenance equipment and parts, etc.

BNPP FANR-RG-011 requirements
- Changed to SSSEP functions, i.e. the following item is added:
- Safeguards
2. Cyber Security Plan (CSP) Overview

■ Establishing the Cyber Security Program
- Form the Cyber Security Team
- Identify Critical Systems (CSs)
- Identify Critical Digital Assets (CDAs)
- Establish the Defensive Architecture
- Assess and implement Cyber Security Controls
- Incorporate the Cyber Security Program into the Physical Protection Program
- Prepare and maintain plant-specific policies and procedures

■ Maintaining the Cyber Security Program
- Continuous monitoring and assessment
- Change management

Implementation timeline (2013 to 2015)
Phase 1: 1. Develop the Cyber Security Program (Cyber Security Plan)
Phase 2: 2. Implement the Cyber Security Program
- Identify CS & CDAs
- Assess CDAs and agree controls
- Implement Controls
- Operational Readiness
- Establish Cyber Security Operational Functions
- Training and Awareness
3. CSs & CDAs Identification Procedure

■ Critical Systems (CSs) identification procedure

RG 5.71 guidance basis
The identification of CSs includes those systems that
1) Perform or are relied upon for SSEP functions,
2) Affect SSEP functions or affect CSs and/or CDAs that perform SSSEP functions,
3) Provide a pathway to a CS and/or CDA that could be used to compromise, attack, or degrade an SSEP function,
4) Support a CS and/or CDA, or
5) Protect any of the above from cyber attack up to and including the DBT.

NEI 10-04 guidance basis
I. Safety
Is this system relied on to remain functional during and following design-basis events to ensure:
1) The integrity of the reactor coolant pressure boundary?
2) The capability to shut down the reactor and maintain it in a safe shutdown condition?
3) The capability to prevent or mitigate the consequences of accidents which could result in potential offsite exposures?
II. Important-To-Safety
4) Is this a non-safety related system whose failure could adversely impact any of the functions identified in the previous three 'Safety Systems' questions?
5) Is this a non-safety related system that is part of the primary success path and functions or actuates to mitigate a transient that either assumes the failure of or presents a challenge to the integrity of a fission product barrier?
6) Has operating experience or a probabilistic risk assessment shown that a non-safety related system function is significant to public health and safety?
7) Does the non-safety related system function provide real-time or near-real-time plant status information to the operators for the safe operation of the plant during transients and accidents?
8) Is this a structure, system, or component that could directly or indirectly affect reactivity at a nuclear power plant and could result in an unplanned reactor shutdown or transient?
9) Is this a non-safety system required to maintain defense-in-depth and diversity requirements?

Conclusion (Yes / No)
- Is this system a critical system? If one or more of the above questions are answered in the affirmative, then this system is (1) Important to Safety and (2) a critical system.
- Is this system a critical digital system? If this critical system is known to include any digital assets then it should be classed as a Critical Digital System. NB it may not be possible to confirm this at this stage of the assessment process. If this is the case then further analysis will be required during the CDA identification process. If this question cannot be answered at this stage then leave the answers blank for further analysis at the CDA identification stage.

BNPP project: ENEC CSs identification procedure
- CS identification applies the NEI 10-04 guidance
- After CS identification, Critical Digital Systems (CDSs) are additionally identified
- CS: an analog or digital technology based system in or outside of the plant that performs or is associated with SSSEP / support systems or equipment
- CDS: those systems and networks associated with SSSEP / support systems or equipment
■ Critical Digital Assets (CDAs) identification procedure

RG 5.71 guidance basis
CDAs include digital assets that
1) Perform SSEP functions,
2) Could adversely affect SSEP functions or CSs and/or CDAs that perform SSSEP functions,
3) Provide a pathway to a CS and/or CDA that could be used to compromise, attack, or degrade an SSEP function,
4) Support a CS and/or CDA, or
5) Protect any of the above.

NEI 10-04 guidance basis
I. A CDA is defined as a digital computer, communication system, or network that is:
- A component of a critical system (this includes assets that perform SSSEP functions; provide support to, protect, or provide a pathway to CDSs); or
- A support system asset whose failure or compromise as the result of a cyber attack would result in an adverse impact to a SSSEP function.
II. A digital asset may be identified as a programmable device (e.g., EPROM, microprocessor, etc.) that uses any combination of hardware, firmware and/or software to execute internally stored programs and algorithms, including numerous arithmetic or logic operations, without operator action.
III. Solid state devices (e.g., electro-mechanical on/off devices, relays, hard-wired logic devices, circuit boards, etc.) that do not have firmware and/or software are not considered digital devices.

BNPP project: ENEC CDAs identification procedure (planned)
- Includes instrumentation
- CDA tagging/ID method
- Determination of the CDA identification level
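The CS, CDS and CDA screening logic summarised on the two preceding slides, written out as an added example (not the ENEC procedure or any code from the presentation). It assumes the nine NEI 10-04 questions are answered per system, that a system's assets are described with a few flags matching the digital-asset definition (programmable, firmware/software present, role relative to the CS, support-system membership), and that "assets not yet known" is modelled by passing no asset list, which leaves the CDS answer blank as the slide instructs. All asset and system names are constructed.

```python
from dataclasses import dataclass, field
from typing import Optional

# NEI 10-04 screening questions as summarised on the slide: 1-3 are the Safety
# questions, 4-9 the Important-to-Safety questions.
SAFETY_QUESTIONS = (1, 2, 3)
IMPORTANT_TO_SAFETY_QUESTIONS = (4, 5, 6, 7, 8, 9)


@dataclass
class Asset:
    """Equipment inside a screened system or in one of its support systems.
    The digital-asset test follows the slide: a programmable device that runs
    internally stored programs, with firmware and/or software present."""
    name: str
    programmable: bool                      # EPROM, microprocessor, PLC, ...
    has_code: bool                          # firmware and/or software present
    role: str                               # "performs", "supports", "protects", "pathway" or "other"
    support_system: bool = False            # asset of a support system rather than of the CS itself
    compromise_impacts_sssep: bool = False  # evaluated only for support-system assets


def is_digital(asset: Asset) -> bool:
    # Relays, hard-wired logic and other solid-state devices without
    # firmware/software are not digital devices (slide item III).
    return asset.programmable and asset.has_code


def is_cda(asset: Asset) -> bool:
    """Slide item I: a digital component of a CS that performs SSSEP functions or
    supports, protects or provides a pathway to CDSs, or a support-system digital
    asset whose compromise would adversely impact a SSSEP function."""
    if not is_digital(asset):
        return False
    if asset.support_system:
        return asset.compromise_impacts_sssep
    return asset.role in {"performs", "supports", "protects", "pathway"}


@dataclass
class ScreeningResult:
    system: str
    safety_system: bool                      # any of questions 1-3 answered Yes
    critical_system: bool                    # any of questions 1-9 answered Yes
    critical_digital_system: Optional[bool]  # None = left blank for the CDA stage
    cdas: list = field(default_factory=list)


def screen_system(name: str, answers: dict, assets: Optional[list] = None) -> ScreeningResult:
    """answers maps question number (1-9) to True/False; unanswered counts as No.
    assets=None models the case where the digital content is not yet known."""
    safety = any(answers.get(q, False) for q in SAFETY_QUESTIONS)
    critical = safety or any(answers.get(q, False) for q in IMPORTANT_TO_SAFETY_QUESTIONS)
    if not critical:
        return ScreeningResult(name, safety, False, False)
    if assets is None:
        # Critical, but digital content unconfirmed: leave CDS blank, to be
        # resolved during CDA identification.
        return ScreeningResult(name, safety, True, None)
    digital_present = any(is_digital(a) for a in assets if not a.support_system)
    cdas = [a.name for a in assets if is_cda(a)]
    return ScreeningResult(name, safety, True, digital_present, cdas)


if __name__ == "__main__":
    # Constructed sample, not plant data.
    sample_assets = [
        Asset("Calculator processor", True, True, "performs"),
        Asset("Trip relay", False, False, "performs"),
        Asset("Maintenance panel", True, True, "pathway"),
        Asset("UPS controller", True, True, "supports", support_system=True, compromise_impacts_sssep=True),
        Asset("Room thermostat", True, True, "other", support_system=True),
    ]
    print(screen_system("Protection calculator (constructed)", {2: True}, sample_assets))
```

The relay is dropped by the digital-asset test even though it performs the function, and the thermostat is dropped because its compromise has no SSSEP impact; both decisions should be recorded with their rationale in the screening worksheet, since they are the cases a reviewer will question.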
4. Review of Cyber Security Controls

■ Security control items
[Figure: unidirectional communication between safety-grade equipment and non-safety equipment. The MTP on the Safety System Data Network sends to the DCS Gateway on DCN-I through a unidirectional communication device: Tx to Rx over a simplex fiber optic cable, UDP/IP communication.]

Hierarchy: Cyber Security Plan > Cyber Security Program > Cyber Security Controls (Management Controls, Operational Controls, Technical Controls)

- Implement not only the Security Controls but the Defensive Strategy of the whole plant
- Apply a layered strategy with two or more different, overlapping security mechanisms
- Apply a defensive architecture that establishes Security Levels
- Each level is separated by a security boundary such as a firewall or data diode, and is monitored and restricted

Defensive architecture (security levels as drawn on the slide)
- Level 4: Safety, Security
- Level 3: Operational Control, Security
- Level 2: RT Supervisory
- Level 1: Tech. Data, Man, OMS
- Level 0: Office Automation, WWW
Boundary devices shown: Security Gateways (G) with NID & NIP, and Data Diodes

Control classes
- Management Controls (risk management and security policy): 1. System and service acquisition 2. Security assessment and risk management
- Operational Controls (protective measures carried out by people): 1. Media Protection 2. Personnel Security 3. System and Information Integrity 4. Maintenance 5. Physical and Environmental Protection 6. Defensive Strategy 7. Defense-in-Depth 8. Incident Response 9. Contingency Planning/Continuity of SSEP Functions 10. Awareness and Training 11. Configuration Management
- Technical Controls (protective measures through technical elements such as H/W, F/W, OS, AS): 1. Access controls 2. Audit and Accountability 3. CDA and Communication Protection 4. Identification and Authentication 5. System Hardening
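The level-based defensive architecture above can be checked mechanically against a list of planned data flows. The following is an added example, not code from the presentation or the BNPP project. It assumes the five levels as drawn, that every flow connects adjacent levels through one boundary device, that the two data diodes sit at the Level 4/3 and 3/2 boundaries and security gateways at the lower boundaries (an assumption of this example), and that a data diode can only carry one-way traffic such as the simplex UDP link shown on the slide. The sample flows are constructed.

```python
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Security levels as drawn on the slide (higher number = more trusted).
LEVELS = {
    4: "Safety, Security",
    3: "Operational Control, Security",
    2: "RT Supervisory",
    1: "Tech. Data, Man, OMS",
    0: "Office Automation / WWW",
}

# Boundary device assumed at each adjacent-level transition (upper, lower).
# Placing the diodes at the two highest boundaries is an assumption here.
BOUNDARIES = {
    (4, 3): "data_diode",
    (3, 2): "data_diode",
    (2, 1): "security_gateway",
    (1, 0): "security_gateway",
}


@dataclass(frozen=True)
class Flow:
    name: str
    src_level: int                  # level of the side that sends the data
    dst_level: int                  # level of the side that receives the data
    initiated_by_src: bool          # False when the receiving side opens the connection (polling)
    one_way_protocol: bool          # True for simplex traffic such as UDP over a Tx->Rx fibre
    boundary: Optional[str] = None  # device the traffic passes through, if any


def evaluate_flow(f: Flow) -> Tuple[bool, str]:
    """Return (allowed, reason) for one data flow against the level policy."""
    if f.src_level not in LEVELS or f.dst_level not in LEVELS:
        return False, "unknown security level"
    if f.src_level == f.dst_level:
        return True, "same level: allowed, subject to monitoring"
    if f.src_level < f.dst_level:
        return False, "data flow from a lower to a higher security level is not permitted"
    if f.src_level - f.dst_level != 1:
        return False, "flow must terminate at each intermediate level; no level skipping"
    if not f.initiated_by_src:
        return False, "connection initiated from the lower level is not permitted"
    required = BOUNDARIES[(f.src_level, f.dst_level)]
    if f.boundary != required:
        return False, f"flow must pass through a {required} at the level {f.src_level}/{f.dst_level} boundary"
    if required == "data_diode" and not f.one_way_protocol:
        return False, "a data diode carries only one-way protocols; request/response traffic cannot cross it"
    return True, f"downward flow through {required}: allowed"


def audit(flows: List[Flow]) -> List[Tuple[str, str]]:
    """Return (flow name, reason) for every flow the policy rejects."""
    rejected = []
    for f in flows:
        ok, reason = evaluate_flow(f)
        if not ok:
            rejected.append((f.name, reason))
    return rejected


# Constructed sample flows, not taken from the slide's network drawings.
SAMPLE_FLOWS = [
    Flow("MTP -> DCS gateway (simplex fibre, UDP)", 4, 3, True, True, "data_diode"),
    Flow("MTP -> DCS gateway over TCP", 4, 3, True, False, "data_diode"),
    Flow("Supervisory -> engineering data server", 2, 1, True, False, "security_gateway"),
    Flow("Engineering workstation polls supervisory", 2, 1, False, False, "security_gateway"),
    Flow("Office PC -> supervisory", 0, 2, True, False, "security_gateway"),
    Flow("Safety network -> supervisory directly", 4, 2, True, True, "data_diode"),
    Flow("Tech data -> office without gateway", 1, 0, True, False, None),
]

if __name__ == "__main__":
    for name, reason in audit(SAMPLE_FLOWS):
        print(f"REJECT {name}: {reason}")
```

The second sample flow is the one worth noticing: the same endpoints and the same diode are accepted with UDP and rejected with TCP, because a request/response protocol needs a return path that a deterministic one-way device cannot provide.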
■ Security control concept
[Figure: cyber threats exploit vulnerabilities to carry out cyber attacks; security controls separate authorized access to the CDAs from unauthorized access.]
- Threat: a potential possibility, or malicious intent, that could bring about unwanted consequences for the information resources within the assets; threat agents include insiders, hackers, spyware/malware authors, phishers, spammers, spies, terrorists, etc.
- Attack: the act, by an attacker with malicious intent, of leaking, tampering with, or destroying information protected within a system
- Vulnerability: a weakness of the assets that provides the cause of a security threat
■ CSET assessment of CDAs and security control selection procedure
The Cyber Security Assessment Team (CSET) must, for each CDA, follow the procedure below to
- demonstrate that cyber security is appropriately applied, and
- identify any additional security control items.
Step 1. Collect information related to the CDAs
Step 2. Test the security controls already implemented
Step 3. Validate the CDA information
Step 4. Identify additional security control items
Disposition of each security control item:
• Implement the cyber security control item
• Implement alternative controls/measures that eliminate the threat/attack vector(s)
• Provide an interpretation for control items not implemented: document the analysis demonstrating that no attack vector exists and the control is therefore not required
5. CDA Control Compliance Review

■ Core Protection Calculator System (CPCS) CDA selection list
CDS | CDA | Shared with other systems
CPCS | 1. CPC/Aux CPC Rack | Not shared
CPCS | 2. CPP/CEAC Rack | Not shared
CPCS | 3. ITP (Interface and Test Processor) | Shared with CPCS, PPS, ESF-CCS, QIAS-P (Note 2)
CPCS | 4. MTP (Maintenance and Test Panel) | Shared with CPCS, PPS, ESF-CCS, QIAS-P (Note 2)
CPCS | 5. OM (Operator Module) | Shared with CPCS, PPS, ESF-CCS (Note 2)
Note 1. This material was prepared to explain how the cyber security control requirements are satisfied.
Note 2. The shared CDAs belong to the MTP/ITP system and the PPS (OM), but are included under the CPCS for the purpose of explaining the satisfaction of the security control requirements.
CPCS: Core Protection Calculator System, CPP: CEA Position Processor, CEA: Control Element Assembly, CEAC: CEA Calculator
■ MMIS Architecture: CDAs
[Figure: MMIS architecture with the CDAs marked. Labels on the drawing: Large Display Panel, Protection System, NAPS Server, Gateway Server (DCN-I), QIAS-N (C, D), Non-safety Components (Sensors, Txs, Pumps, Valves, etc.), FIDAS, NIMS, ALMS, IVMS, LPMS, RCPVMS, P-CCS, BOP Controls, NPCS, PPCS/PLCS, FWCS, SBCS, DPS, PCS, RRS, RPCS, DRCS, Remote I/O, ICI Sensors, ENFMS (Startup/Control and Safety Fission Chambers), Data Link Server, TO/RO/CRS fixed and variable displays, PPS/CFM, SP/BISI, dedicated H/W switches (ESFAS Initiation, RT Initiation, Minimum Inventory), DMA Switches, DIS, QIAS-P, PPS/CPCS OM, QIAS-N, Operator Console, Safety Console, PPS (4 Ch), ESF-CCS (4 Ch), QIAS-P (A, B), CPCS (4 Ch), APC-S (4 Ch), Safety Components (Sensors, Txs, Pumps, Valves, etc.), Channelized Safety Bus, MTP, ITP, CIM, Alarm Server, DB Server, Safety Soft Control, Non-safety Soft Control, Ch. Confirm Switches, Control & Monitoring System.]
Legend: common platform for Safety I&C; common platform for Non-safety I&C; dedicated equipment for its function; computer server, monitor & peripherals; conventional H/W components; safety related network; non-safety network; hardwired connection.
APC-S: Auxiliary Process Cabinet - Safety, CIM: Component Interface Module, CPCS: Core Protection Calculator System, DIS: Diverse Indication System, DMA: Diverse Manual ESF Actuation, DRCS: Digital Rod Control System, ENFMS: Ex-core Neutron Flux Monitoring System, FIDAS: Fixed In-core Detector Amplifier System, ICI: In-Core Instrumentation, NIMS: NSSS Integrity Monitoring System, NPCS: NSSS Process Control System, OM: Operator Module, P-CCS: Process Component Control System, PCS: Power Control System, QIAS-P/N: Qualified Indication & Alarm System - PAMI / Non-safety
The CPCS provides the Trip Signal for reactor shutdown so as to limit the consequences of any postulated accident.
■ CPCS block diagram: CDAs
- CPC: generates the DNBR/LPD Trip and Pre-Trip signals for reactor trip and the CEA Withdrawal Prohibit (CWP) signal
- CEAC: calculates the CEA Deviation-related Penalty Factors for all CEAs based on the RSPT CEA position inputs
- ITP (CPCS basis): provides CPC and CEAC data to the QIAS-N; provides the Test Enable Signal to the CPC
- OM/MTP (CPCS basis): monitors CPC and CEAC status; provides operating variables; provides the Channel Test
■ Cyber security control assessment

Quantity of controls by class and family
Sec. No | Description | Total 1)
1.0 | Management Controls |
1.1 | System and Service Acquisition | 6
1.2 | Security Assessment and Risk Management | 3
2.0 | Operational Controls |
2.1 | Media Protection | 6
2.2 | Personnel Security | 2
2.3 | System and Information Integrity | 11
2.4 | Maintenance | 3
2.5 | Physical and Environmental Protection | 9
2.6 | Defensive Strategy | 1
2.7 | Defense-in-Depth | 1
2.8 | Incident Response | 8
2.9 | Contingency Planning/Continuity of Safety, Security, and Emergency Preparedness Functions | 7
2.10 | Awareness and Training | 10
2.11 | Configuration Management | 9
3.0 | Technical Controls |
3.1 | Access controls | 23
3.2 | Audit and Accountability | 12
3.3 | Critical Digital Assets and Communications Protection | 22
3.4 | Identification and Authentication | 9
3.5 | System Hardening | 5
Total | 18 families | 147
Note 1. This table was prepared on the basis of the BNPP CSP (the requirements for each item are identical to RG 5.71). The numbers in the table indicate the number of subsections in each Family.

Sample assessment matrix (family 3.1 Access Controls; results per CDA 1 to 5)
Controls | Typical DOR | CDA 1 | CDA 2 | CDA 3 | CDA 4 | CDA 5
3.1.5 Separation of functions | Shared | P | P | P | P | P
3.1.6 Least privilege | Shared | | | | |
3.1.7 Unsuccessful login attempts | Supplier | | | | |
3.1.8 System use notification | Shared | | | | |
3.1.9 Previous logon notification | Shared | | | | |
3.1.10 Session lock | Supplier | | | | |
• Y (YES): the CDA satisfies the cyber security control requirement
• P (Partially YES): the CDA partially satisfies the cyber security control requirement
• N (NO): the CDA does not satisfy the cyber security control requirement
• Blank: assessment not performed
• "Shared" denotes an item that the Owner and the Supplier must carry out jointly
• The assessment in this material is not a final assessment; it is sample material to explain the Compliance Assessment
• The assessed DOR is typical material and may differ from project to project

Detail of 3.1.5 Separation of functions (only 2 of the 4 sub-items reviewed)
Controls | Description | CDA 1 to 5
3.1.5 | Enforcing separation of CDA functions through assigned access authorizations |
3.1.5 | Restricts security functions to the least amount of users necessary to ensure the security of CDAs |
Result shown on the slide: Y Y Y Y Y
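A small tool for working with the compliance matrix above, added here as an example and not the project's own assessment code. It reproduces the family table from the slide (so the 18 / 147 totals can be recomputed), rolls sub-item results up into one control result per CDA under an assumed rule that yields the slide's "P" for 3.1.5 when only 2 of 4 sub-items were reviewed as Y, and lists the open items with the responsible party derived from the DOR column. The 3.1.5 row and the DOR values come from the slide; the results in the other rows are constructed, since they are blank on the slide.

```python
from dataclasses import dataclass
from typing import Dict, List, Tuple

# Control families and subsection counts from the slide's table (BNPP CSP basis,
# requirements identical to RG 5.71).
CONTROL_FAMILIES = {
    "1.1": ("System and Service Acquisition", 6),
    "1.2": ("Security Assessment and Risk Management", 3),
    "2.1": ("Media Protection", 6),
    "2.2": ("Personnel Security", 2),
    "2.3": ("System and Information Integrity", 11),
    "2.4": ("Maintenance", 3),
    "2.5": ("Physical and Environmental Protection", 9),
    "2.6": ("Defensive Strategy", 1),
    "2.7": ("Defense-in-Depth", 1),
    "2.8": ("Incident Response", 8),
    "2.9": ("Contingency Planning/Continuity of SSEP Functions", 7),
    "2.10": ("Awareness and Training", 10),
    "2.11": ("Configuration Management", 9),
    "3.1": ("Access Controls", 23),
    "3.2": ("Audit and Accountability", 12),
    "3.3": ("Critical Digital Assets and Communications Protection", 22),
    "3.4": ("Identification and Authentication", 9),
    "3.5": ("System Hardening", 5),
}

STATUS = {"Y": "satisfied", "P": "partially satisfied", "N": "not satisfied", "": "not assessed"}
RESPONSIBLE = {"Owner": ("Owner",), "Supplier": ("Supplier",), "Shared": ("Owner", "Supplier")}


def family_totals() -> Tuple[int, int]:
    """(number of families, total subsections): should reproduce the slide's 18 / 147."""
    return len(CONTROL_FAMILIES), sum(n for _, n in CONTROL_FAMILIES.values())


def rollup(sub_results: List[str]) -> str:
    """Assumed rollup of sub-item results into one control result for a CDA:
    every sub-item reviewed and Y -> Y; no Y at all -> N; nothing reviewed -> blank;
    anything else (some Y, some N or unreviewed) -> P."""
    reviewed = [r for r in sub_results if r]
    if not reviewed:
        return ""
    if len(reviewed) == len(sub_results) and all(r == "Y" for r in reviewed):
        return "Y"
    if not any(r == "Y" for r in reviewed):
        return "N"
    return "P"


@dataclass
class ControlRow:
    section: str
    title: str
    dor: str                # "Owner", "Supplier" or "Shared"
    results: List[str]      # one of Y / P / N / "" per CDA, in CDA order


# Sample matrix: 3.1.5 and the DOR column as on the slide, other results constructed.
SAMPLE_MATRIX = [
    ControlRow("3.1.5", "Separation of functions", "Shared", ["P", "P", "P", "P", "P"]),
    ControlRow("3.1.6", "Least privilege", "Shared", ["Y", "Y", "P", "Y", ""]),
    ControlRow("3.1.7", "Unsuccessful login attempts", "Supplier", ["Y", "N", "Y", "Y", "Y"]),
    ControlRow("3.1.8", "System use notification", "Shared", ["", "", "", "", ""]),
    ControlRow("3.1.9", "Previous logon notification", "Shared", ["Y", "Y", "Y", "Y", "Y"]),
    ControlRow("3.1.10", "Session lock", "Supplier", ["P", "Y", "Y", "Y", "Y"]),
]


def open_items(matrix: List[ControlRow]) -> List[Tuple[str, int, str, Tuple[str, ...]]]:
    """Every (section, CDA number, status, responsible parties) that still needs work."""
    items = []
    for row in matrix:
        for idx, r in enumerate(row.results, start=1):
            if r != "Y":
                items.append((row.section, idx, STATUS[r], RESPONSIBLE[row.dor]))
    return items


def cda_summary(matrix: List[ControlRow]) -> Dict[int, Dict[str, int]]:
    """Per CDA: how many controls are satisfied / partially / not satisfied / not assessed."""
    n_cdas = len(matrix[0].results)
    summary = {i: {s: 0 for s in STATUS.values()} for i in range(1, n_cdas + 1)}
    for row in matrix:
        for idx, r in enumerate(row.results, start=1):
            summary[idx][STATUS[r]] += 1
    return summary


if __name__ == "__main__":
    print(family_totals())
    for item in open_items(SAMPLE_MATRIX):
        print(item)
```

Tracking "not assessed" separately from "not satisfied" matters: a blank cell is an assessment gap, not a compliance result, and the rollup rule deliberately refuses to report "Y" while any sub-item is unreviewed.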
■ Cyber security control assessment tools
- Korea Atomic Energy Research Institute (KAERI): Cyber Security Risk Analysis/Assessment System
- WEC: Lumension Risk Manager (LRM)
- US Department of Homeland Security (DHS): Cyber Security Evaluation Tool (CSET®)
- Wiznucleus: Cyberwiz-Pro™, Cyber Security Assessment Team Collaboration Platform
6. Summary
■ Cyber Security regulatory requirements: RG 5.71, NEI 10-04 (R02), and the status of the ENEC CSP for the BNPP project
■ Cyber Security Plan (CSP) overview: establishing and maintaining the Cyber Security Program
■ CSs & CDAs identification procedure: the ENEC CSP for the BNPP project establishes a CDSs identification procedure following NEI 10-04 (R02)
■ Review of Cyber Security Controls: the security control concept and items, and the CSET assessment
■ CDA Control Compliance review: identification of the CPCS CDAs and assessment of their controls, and introduction of assessment tools