Vulnerability Test of VPN for a Remote Monitoring System

A remote monitoring system is operating in 14 PWR in Korea. The history of RMS in Korea started in 1998. A Memorandom of Understanding on Remote Monitoring based on Enhanced Cooperation on PWR’s was singed at the 10th Safeguards Review Meeting in October 2001 between the IAEA and MOST. After that, all PWR power plants applied for Remote Monitoring. But the existing method requires a high cost (Telephone fee is very expensive). So, it was eventually applied to an Internet system for Remote Monitoring. According to the Internet-based VPN applied to Remote Monitoring, KAERI came to an agreement with the IAEA using a Member State Support Program (MSSP). Phase I is Lab’s Test. Phase II is to apply it to a target power plant. Phase III is to apply it to all the power plants. This paper is the result of vulnerability tests at Phase I. The composition of phase I consisted of a SDIS Server, IAEA Server and TCNC Server. In each system, a hardware VPN system was installed. And we tested the vulnerability of the two systems and the two VPN (SDIS Server & VPN and TCNC Server & VPN). The two scenarios of the hacking tests are; One is hacking from the outside and the other is hacking from the inside. The results of hacking were good for the defense using the VPN hardware. We know that there is no invasion of the system (SDIS Server & VPN and TCNC Server & VPN) through the vulnerability test.