Vulnerability Testing against Cyber Terror

Year
2009
Author(s)
Sung-Woo Kwak - Korea Atomic Energy Research Institute
Hosik Yoo - Korea Institute of Nuclear Non-proliferation and Control
Wan-Ki Yoon - Korea Institute of Nuclear Non-proliferation and Control
Joung-hoon Lee - Korea Institute of Nuclear Non-proliferation and Control
Jung-Soo Kim - Korea Institute of Nuclear Non-proliferation and Control
Sung-Soon Jang - Korea Institute of Nuclear Non-proliferation and Control
Jae-Kwang Kim - Korea Institute of Nuclear Non-proliferation and Control
Dong-Han Yoo - Korea Institute of Nuclear Nonproliferation and Control
Abstract
A modern physical protection system consisted of computer-based communications and controls and displays. Cyber terror is a critical factor when evaluating physical protection systems. The revision of INFCIRC 225 Rev. 4 discussed this very important issue. In order to evaluate physical protection system, we created a virtual power plant and conducted vulnerability test on it. This paper outlines the results of those vulnerability tests. The study consisted of two parts. The first part analyzed the Entry Control system and the second part looked at the Physical Protection System (PPS). Three hacking scenarios were examined. They included: hacking from the outside, hacking from the inside and an attack on the Server’s itself. In this study, “Watchfire” software was used in order to assess and improve cyber security at power plant. The vulnerability test showed that the physical protection system successfully protected the target from a multitude cyber attacks.