A Cyber Security Self-Assessment Method for Nuclear Power Plants
Abstract
A cyber security self-assessment method (the Method) has been developed by Pacific Northwest National Laboratory. The development of the Method was sponsored and directed by the U.S. Nuclear Regulatory Commission. Members of the Nuclear Energy Institute Cyber Security Task Force also played a substantial role in developing the Method. The Method's structured approach guides nuclear power plants in scrutinizing their digital systems, assessing the potential consequences to the plant of a cyber exploitation, identifying vulnerabilities, estimating cyber security risks, and adopting cost-effective protective measures. The focus of the Method is on critical digital assets. A critical digital asset is a digital device or system that plays a role in the operation, maintenance, or proper functioning of a critical system (i.e., a plant system that can impact safety, security, or emergency preparedness). A critical digital asset may have a direct or indirect connection to a critical system. Direct connections include both wired and wireless communication pathways. Indirect connections include sneaker-net pathways by which software or data are manually transferred from one digital device to another. An indirect connection also may involve the use of instructions or data stored on a critical digital asset to make adjustments to a critical system. The cyber security self-assessment begins with the formation of an assessment team, and is followed by a six-stage process.
- Authors:
- Glantz, Clifford S; Coles, Garill A; Bass, Robert B
- Publication Date:
- 2004-11-01
- Research Org.:
- Pacific Northwest National Lab. (PNNL), Richland, WA (United States)
- Sponsoring Org.:
- USDOE
- OSTI Identifier:
- 898641
- Report Number(s):
- PNNL-SA-42797; 401001100; TRN: US0701689
- DOE Contract Number:
- AC05-76RL01830
- Resource Type:
- Conference
- Resource Relation:
- Conference: Transactions of the American Nuclear Society, 91:45-6
- Country of Publication:
- United States
- Language:
- English
- Subject:
- 21 SPECIFIC NUCLEAR REACTORS AND ASSOCIATED PLANTS; 29 ENERGY PLANNING, POLICY AND ECONOMY; COMMUNICATIONS; DIGITAL SYSTEMS; MAINTENANCE; NUCLEAR ENERGY; NUCLEAR POWER PLANTS; SAFETY; SECURITY; cyber security; digital assets; critical systems; risk assessment; vulnerability assessment
Citation Formats
Glantz, Clifford S, Coles, Garill A, and Bass, Robert B. A Cyber Security Self-Assessment Method for Nuclear Power Plants. United States: N. p., 2004. Web.
Glantz, Clifford S, Coles, Garill A, & Bass, Robert B. A Cyber Security Self-Assessment Method for Nuclear Power Plants. United States.
Glantz, Clifford S, Coles, Garill A, and Bass, Robert B. 2004. "A Cyber Security Self-Assessment Method for Nuclear Power Plants". United States.
@article{osti_898641,
title = {A Cyber Security Self-Assessment Method for Nuclear Power Plants},
author = {Glantz, Clifford S and Coles, Garill A and Bass, Robert B},
abstractNote = {A cyber security self-assessment method (the Method) has been developed by Pacific Northwest National Laboratory. The development of the Method was sponsored and directed by the U.S. Nuclear Regulatory Commission. Members of the Nuclear Energy Institute Cyber Security Task Force also played a substantial role in developing the Method. The Method's structured approach guides nuclear power plants in scrutinizing their digital systems, assessing the potential consequences to the plant of a cyber exploitation, identifying vulnerabilities, estimating cyber security risks, and adopting cost-effective protective measures. The focus of the Method is on critical digital assets. A critical digital asset is a digital device or system that plays a role in the operation, maintenance, or proper functioning of a critical system (i.e., a plant system that can impact safety, security, or emergency preparedness). A critical digital asset may have a direct or indirect connection to a critical system. Direct connections include both wired and wireless communication pathways. Indirect connections include sneaker-net pathways by which software or data are manually transferred from one digital device to another. An indirect connection also may involve the use of instructions or data stored on a critical digital asset to make adjustments to a critical system. The cyber security self-assessment begins with the formation of an assessment team, and is followed by a six-stage process.},
doi = {},
url = {https://www.osti.gov/biblio/898641},
journal = {},
number = {},
volume = {},
place = {United States},
year = {2004},
month = {11}
}