Nuclear power plants – Instrumentation and control systems – Requirements for security programmes for computer-based systems
Publication Date: 1 August 2014
ICS Code (Nuclear power plants. Safety): 27.120.20
This International Standard establishes requirements and provides guidance for the development and management of effective security programmes for I&C computer-based systems for NPPs, possibly integrating HDL (Hardware Description Language) Programmed Devices (HPD), hereinafter named I&C CB&HPD systems. Inherent to these requirements and guidance is the criterion that the power plant I&C CB&HPD system security programme complies with the applicable country's I&C CB&HPD security requirements.
The primary objective of this standard is to define adequate programmatic measures for the prevention of, detection of and reaction to malicious acts by digital means (cyber attacks) on I&C CB&HPD systems. This includes any unsafe situation, equipment damage or plant performance degradation that could result from such an act, such as:
- malicious modifications affecting system integrity,
- malicious interference with information, data or resources that could compromise the delivery of or performance of the required I&C CB&HPD functions,
- malicious interference with information, data or resources that could compromise operator displays or lead to loss of management of I&C CB&HPD systems,
- malicious changes to hardware, firmware or software at the programmable logic controller (PLC) level.
Effective security policies need to implement a graded protection scheme, as described in this standard, for assets subject to computer-based security, graded according to their relevance to overall plant safety, availability and equipment protection.
Excluded from the scope of this standard are considerations related to:
- non-malevolent actions and events such as accidental failures, human errors and natural events. In particular, good practices for managing application and data software, including back-up and restoration related to accidental failure, which should be implemented even where I&C CB&HPD system security has not been studied, are out of scope;
NOTE 1 Although such aspects may be considered as covered by a security programme in other normative contexts (e.g., in the ISO/IEC 27000 series, the IEC 62443 series or the NIST framework), this standard is focused only on the protection against malicious acts by digital means (cyber attacks) on I&C CB&HPD systems. This is done to provide maximum consistency and minimum overlap with other nuclear standards and practices, which already cover accidental failures, unintentional human errors, natural events, etc.
- site physical security and room access control and site security surveillance systems. These issues, while not addressed in this standard, should still be addressed by plant operating procedures and programmes.
NOTE 2 This exclusion does not deny that cyber security has clear dependencies on the security of the physical environment (e.g., physical protection, power,
Standards such as ISO/IEC 27001 and ISO/IEC 27002 are not directly applicable to the cyber protection of nuclear I&C CB&HPD systems. This is mainly due to the specificities of these systems, including the regulatory and safety requirements inherent to nuclear facilities.
However, this standard builds upon the valid high-level principles and main concepts of ISO/IEC 27001 and 27002, adapting and completing them to fit the nuclear context.
Particular differentiators that justify a targeted NPP I&C CB&HPD system standard include:
- These systems are required to comply with IEC safety standards related to nuclear power plant I&C systems.
- A cyber attack could lead to significant adverse effects on plant equipment, reliable plant operation or safety, and may have a major impact on the surrounding population, plant personnel and the environment.
- The targets of cyber threats are typically equipment and processes, but may include I&C CB&HPD systems; I&C CB&HPD systems may also be used as attack vectors.
- The unavailability of an NPP's I&C system due to a cyber attack may place the plant in an unacceptable safety position and increase the likelihood of nuclear accidents.
- The effect of a cyber attack may jeopardize or degrade critical devices such as the turbogenerator set or the line transformer, and thus may require expensive repairs and cause prolonged plant unavailability.
- A nuclear facility operates at a high level of safety and requires rapid, real-time responses to emerging situations. An operator shall respond quickly to inputs and available data and shall be able to rely on the information that is available.
The possible damage resulting from a cyber attack at a nuclear facility has the potential for much greater impact than that occurring at other industrial facilities. Therefore, while existing and future industrial cyber security guidance may provide information and procedures beneficial to nuclear facilities, a targeted nuclear standard is still required.