Securing the Function: A Proposal for Identifying, Prioritizing, and Protecting Processes at Nuclear Power Plants

Year
2019
Author(s)
Kim M. Lawson-Jenkins - U.S. Nuclear Regulatory Commission
Michael L. Brown - U.S. Nuclear Regulatory Commission
Charity Pantalo - U.S. Nuclear Regulatory Commission
Brandon T. Gorton - Pacific Northwest National Laboratory
Fleurdeliza de Peralta - Pacific Northwest National Laboratory
Abstract
A potential drawback of implementing a cyber security plan at a nuclear power plant is a focus on applying security controls to digital assets without sufficient analysis of the function each asset performs and of the risk associated with the asset's failure or with an event caused by its malfunction. Plant operators have years of experience developing Probabilistic Risk Assessments (PRAs) using event trees and fault trees. Plant-specific PRAs, or newer analytical methods such as Hazards and Consequences Analysis for Digital Systems (HAZCADS) and/or Systems Theoretic Process Analysis (STPA) for event analyses, can be used to inform the basis for determining critical digital asset protections at a plant. This paper proposes a methodology that uses a plant-specific PRA to identify events that affect critical functions and result in an unacceptable risk, and thereby to determine which digital devices require adequate protection from known cyber threats. Use of this methodology can enhance operators' ability to evaluate the effectiveness of defensive security architectures, defense-in-depth strategies, and cyber security plans at nuclear power plants.
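The following is an added illustration, not code or data from the paper, of the kind of calculation the abstract describes: a small fault tree is evaluated, each digital asset is mapped to the basic events it could cause if compromised, and the asset is ranked by the conditional top-event probability (a risk-achievement-worth style measure) when all of its mapped events are forced to occur at once. The fault tree, the basic-event probabilities, the asset names and the acceptable-risk threshold are all constructed, hypothetical values chosen for illustration. The only modelling point it makes beyond the abstract is that a compromised asset is a common cause: every basic event it controls fails together, which a PRA's usual independence assumption does not capture.

```python
"""Rank digital assets by the PRA risk they can induce if compromised.

Added example; the fault tree, probabilities, asset names and threshold
below are constructed assumptions, not values from the paper.
"""
from dataclasses import dataclass
from typing import Dict, List, Union

Node = Union["Gate", str]  # a gate, or the name of a basic event


@dataclass
class Gate:
    kind: str          # "AND": all inputs must fail; "OR": any input fails
    inputs: List[Node]


def top_event_probability(node: Node, probs: Dict[str, float]) -> float:
    """Evaluate the fault tree bottom-up, treating basic events as independent.
    Each basic event appears exactly once in TREE, so the result is exact."""
    if isinstance(node, str):
        return probs[node]
    p_inputs = [top_event_probability(child, probs) for child in node.inputs]
    if node.kind == "AND":
        result = 1.0
        for p in p_inputs:
            result *= p
        return result
    if node.kind == "OR":
        none_fail = 1.0
        for p in p_inputs:
            none_fail *= 1.0 - p
        return 1.0 - none_fail
    raise ValueError(f"unknown gate kind {node.kind!r}")


def conditional_probability(node: Node, probs: Dict[str, float],
                            forced_events: List[str]) -> float:
    """Top-event probability given that every event in forced_events has
    occurred (probability set to 1.0). Models an asset compromise as a
    common cause of all the failures that asset can produce."""
    forced = dict(probs)
    for event in forced_events:
        forced[event] = 1.0
    return top_event_probability(node, forced)


def rank_assets(node: Node, probs: Dict[str, float],
                asset_to_events: Dict[str, List[str]],
                acceptable_risk: float) -> List[dict]:
    """For each asset: conditional top-event probability if compromised,
    its risk achievement worth (conditional / baseline), and whether the
    conditional risk exceeds the plant's acceptance threshold."""
    baseline = top_event_probability(node, probs)
    rows = []
    for asset, events in asset_to_events.items():
        p_given_compromise = conditional_probability(node, probs, events)
        rows.append({
            "asset": asset,
            "conditional_p": p_given_compromise,
            "raw": p_given_compromise / baseline,
            "needs_protection": p_given_compromise > acceptable_risk,
        })
    # sorted() is stable, so assets with equal RAW keep their input order
    return sorted(rows, key=lambda r: r["raw"], reverse=True)


# Constructed fault tree (hypothetical): a two-train safety function is lost
# only if both trains fail; a train fails if its pump OR its valve fails.
TREE = Gate("AND", [
    Gate("OR", ["PumpA_fails", "ValveA_fails"]),   # train A
    Gate("OR", ["PumpB_fails", "ValveB_fails"]),   # train B
])

# Constructed per-demand failure probabilities (hypothetical).
PROBS = {
    "PumpA_fails": 1e-3, "ValveA_fails": 2e-3,
    "PumpB_fails": 1e-3, "ValveB_fails": 2e-3,
}

# Constructed mapping from digital asset to the basic events it can cause
# (hypothetical names). The shared switch reaches both trains; the historian
# only records data and cannot cause any basic event in this tree.
ASSET_TO_EVENTS = {
    "PLC-TRAIN-A": ["PumpA_fails", "ValveA_fails"],
    "PLC-TRAIN-B": ["PumpB_fails", "ValveB_fails"],
    "NET-SWITCH": ["PumpA_fails", "ValveA_fails", "PumpB_fails", "ValveB_fails"],
    "HISTORIAN": [],
}

ACCEPTABLE_RISK = 1e-4  # assumed acceptance threshold for the top event


if __name__ == "__main__":
    print(f"baseline P(top) = {top_event_probability(TREE, PROBS):.3e}")
    for row in rank_assets(TREE, PROBS, ASSET_TO_EVENTS, ACCEPTABLE_RISK):
        print(f"{row['asset']:<12} P(top|compromise)={row['conditional_p']:.3e} "
              f"RAW={row['raw']:>10.1f} protect={row['needs_protection']}")
```

The ranking is what the methodology is after: the asset that spans both trains (the switch) drives the top-event probability to 1 and dominates, each train PLC matters but is bounded by the redundant train, and the historian has no path to the function at all, so applying the same control set to all four would misallocate effort. Basic events that share an asset should also be reviewed as a common-cause group in the PRA itself, not only in this conditional calculation.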