OSTI.GOV, U.S. Department of Energy
Office of Scientific and Technical Information

Title: A Cyber Security Self-Assessment Method for Nuclear Power Plants

Abstract

A cyber security self-assessment method (the Method) has been developed by Pacific Northwest National Laboratory. The development of the Method was sponsored and directed by the U.S. Nuclear Regulatory Commission. Members of the Nuclear Energy Institute Cyber Security Task Force also played a substantial role in developing the Method. The Method's structured approach guides nuclear power plants in scrutinizing their digital systems, assessing the potential consequences to the plant of a cyber exploitation, identifying vulnerabilities, estimating cyber security risks, and adopting cost-effective protective measures. The focus of the Method is on critical digital assets. A critical digital asset is a digital device or system that plays a role in the operation, maintenance, or proper functioning of a critical system (i.e., a plant system that can impact safety, security, or emergency preparedness). A critical digital asset may have a direct or indirect connection to a critical system. Direct connections include both wired and wireless communication pathways. Indirect connections include sneaker-net pathways by which software or data are manually transferred from one digital device to another. An indirect connection also may involve the use of instructions or data stored on a critical digital asset to make adjustments to a critical system. The cyber security self-assessment begins with the formation of an assessment team, and is followed by a six-stage process.

Authors:
Glantz, Clifford S; Coles, Garill A; Bass, Robert B
Publication Date:
2004-11-01
Research Org.:
Pacific Northwest National Lab. (PNNL), Richland, WA (United States)
Sponsoring Org.:
USDOE
OSTI Identifier:
898641
Report Number(s):
PNNL-SA-42797
401001100; TRN: US0701689
DOE Contract Number:  
AC05-76RL01830
Resource Type:
Conference
Resource Relation:
Conference: Transactions of the American Nuclear Society, 91:45-6
Country of Publication:
United States
Language:
English
Subject:
21 SPECIFIC NUCLEAR REACTORS AND ASSOCIATED PLANTS; 29 ENERGY PLANNING, POLICY AND ECONOMY; COMMUNICATIONS; DIGITAL SYSTEMS; MAINTENANCE; NUCLEAR ENERGY; NUCLEAR POWER PLANTS; SAFETY; SECURITY; cyber security; digital assets; critical systems; risk assessment; vulnerability assessment

Citation Formats

Glantz, Clifford S, Coles, Garill A, and Bass, Robert B. A Cyber Security Self-Assessment Method for Nuclear Power Plants. United States: N. p., 2004. Web.
Glantz, Clifford S, Coles, Garill A, & Bass, Robert B. A Cyber Security Self-Assessment Method for Nuclear Power Plants. United States.
Glantz, Clifford S, Coles, Garill A, and Bass, Robert B. 2004. "A Cyber Security Self-Assessment Method for Nuclear Power Plants". United States.
@article{osti_898641,
title = {A Cyber Security Self-Assessment Method for Nuclear Power Plants},
author = {Glantz, Clifford S and Coles, Garill A and Bass, Robert B},
abstractNote = {A cyber security self-assessment method (the Method) has been developed by Pacific Northwest National Laboratory. The development of the Method was sponsored and directed by the U.S. Nuclear Regulatory Commission. Members of the Nuclear Energy Institute Cyber Security Task Force also played a substantial role in developing the Method. The Method's structured approach guides nuclear power plants in scrutinizing their digital systems, assessing the potential consequences to the plant of a cyber exploitation, identifying vulnerabilities, estimating cyber security risks, and adopting cost-effective protective measures. The focus of the Method is on critical digital assets. A critical digital asset is a digital device or system that plays a role in the operation, maintenance, or proper functioning of a critical system (i.e., a plant system that can impact safety, security, or emergency preparedness). A critical digital asset may have a direct or indirect connection to a critical system. Direct connections include both wired and wireless communication pathways. Indirect connections include sneaker-net pathways by which software or data are manually transferred from one digital device to another. An indirect connection also may involve the use of instructions or data stored on a critical digital asset to make adjustments to a critical system. The cyber security self-assessment begins with the formation of an assessment team, and is followed by a six-stage process.},
doi = {},
url = {https://www.osti.gov/biblio/898641},
journal = {},
number = {},
volume = {},
place = {United States},
year = {2004},
month = {11}
}

Conference:
Other availability
Please see Document Availability for additional information on obtaining the full-text document. Library patrons may search WorldCat to identify libraries that hold this conference proceeding.