Study on the Safety and Cyber Security Interface during I&C System Life Cycle

Cyber security measures were newly introduced into digital Instrumentation and Control (I&C) systems in nuclear facilities after the Stuxnet malware successfully damaged Iranian nuclear facilities by compromising I&C systems in 2010. Since the safety I&C system serves critical role on protection of persons, property and environment, it is necessary to assess whether implementation of cyber security measures adversely affect safety function and performance of the I&C system.The very basic cyber security measures, such as authentication and encryption, can cause some delay on response time which can cause serious problem in emergency situation. Thus, alternative measures should be considered when there exit conflicts between safety and cyber security. There also exist some areas that can provide synergy for both safety and security. For example, diversity protects compromise of important safety function from single failure which can be caused by both safety and security.This paper introduces the cyber security controls in KINAC RS-015 which is the regulation standard for cyber security of nuclear facilities in Korea and discuss some of areas which create synergy or conflict between safety and cyber security. Furthermore, it provides activities during I&C system life cycle so that cyber security and safety can be designed and implemented in an integrated manner for synergy between two areas. This paper can help regulator to develop regulatory requirements on safety and cyber security interface.