Cyber Security of Safety-Critical Infrastructures: A Case Study for Nuclear Facilities

Publication Type:

Journal Article


Information & Security: An International Journal, Volume 28, Issue 1, Number 8, p.98-107 (2012)


complexity, Critical Infrastructure, information security standards, NPP, nuclear power plant, Stuxnet., vulnerability


Computers have become crucial to the operations of government and business. Critical infrastructure protection policy has evolved since the mid-1990’s. Since 11 September 2001, the critical link between cyberspace and physical space has been increasingly recognized. Presently, critical infrastructure sectors face various cyber threats. In particular, the electrical power infrastructure is the most critical infrastructure upon which other infrastructures depend. Cyber attacks on energy production and distribution systems could endanger public health and safety, damage the environment, and have serious financial implications, such as loss of production, generation, or distribution of public utilities; compromise proprietary information; or bring liability issues. Government and private sector computer security is affected by various laws, but not all laws reflect newly emerging challenges. At the same, time poor systems management can be costly and disruptive. This paper presents an approach allowing to implement, manage and maintain cyber security program for Instrumentation and Control (I&C) systems of Nuclear Power plants (NPP). It is based on existing standards’ requirements consideration of issues specific to the security of Field Programmable Gates Arrays (FPGA).