Environmental Engineering Reference
identification and authentication of personnel; control of access to security critical data and functions; data and function management; assignment of responsibility for security assurance and also traceability of executed activities).
• Performing software design according to the security assurance plan or quality assurance plan, taking into account the results of the analysis of threats and vulnerabilities, and according to the general security assurance plan and system security assurance plan regulated by IEC 61513.
• Where possible, configuration and parameterization of software so as to avoid the appearance of unnecessary vulnerabilities.
• Determination of resources for efficiency assessment of the implemented solutions.
Document RG 5.71 (RG 5.71, 2010) is currently one of the most technically mature and complete of the valid documents and describes the basis for realizing cyber security of the assets of facilities related to nuclear power engineering (including a plan and a program of cyber security). In addition, the document contains safety requirements potentially applied to nuclear facilities.
According to the document, the problem of cyber security assurance for assets is reduced to protection against cyber attacks. The document defines requirements for a cyber security program, for which the design, implementation and maintenance of a cyber security plan are required (according to the given structure and guidelines), and also presents a short description of the appropriate stages and guidelines for their implementation.
The life cycle structure of the cyber security process is described; it includes the following stages: design of the cyber security program, its implementation at facilities, continuous monitoring of the program, periodic program review, change management implementation, and retention of records and documentation.
For the design, implementation and maintenance of the cyber security program, the following series of activities is suggested:
1. Analysis of digital systems and networks of facilities.
2. Detection and assessment of critical assets from a safety point of view.
3. Implementation of security architecture according to the specified guidelines.
4. Analysis of potential risks of cyber security violation.
5. Implementation of maintenance activities for cyber security assurance program.
A multilayered architecture is suggested as the security architecture, and a diagram of the interaction of these layers and their description are also provided.
Moreover, the document contains a description of the following groups of safety assurance methods for each of the security-critical assets, as well as approaches to their implementation:
• Technical methods for security assurance.
• Operational methods for security assurance.
• Executive methods for security assurance.
The document issued by the IAEA (IAEA Nuclear Security Series No. 17, 2011) is the IAEA manual for nuclear facilities, in which the application of a computer security program is described. The importance of implementing computer security aspects in the general security plan of a facility is emphasized.
In contrast to RG 5.71, concepts of different safety types, including personnel, physical, cyber, computer security, are introduced, and the role of computer security is clearly outlined.
It is determined that all nuclear related facilities should have a standard defining the main tasks for computer security at the facility, and also a relevant plan. The importance of implementing a defense in depth strategy is emphasized. A concept and a diagram of security management life cycle and also