A Cybersecurity Risk Assessment Method and its Application for Instrumentation and Control Systems in Nuclear Power Plants

Abstract

As the digitalization of instrumentation and control (I&C) systems in nuclear power plants (NPPs), the stability of systems has been increased and the economic benefits have been improved. However, the cybersecurity issues are emerging and a practical risk assessment method for I&C systems is in urgent need. In this paper, a risk assessment method combining quantitative and qualitative analysis for I&C systems in NPPs is proposed, referring to a Chinese national standard GB/T 36466-2018. According to the standard, the protection capability is considered as the fourth element contributing to the risk along with the asset, the threat, and the vulnerability. We also apply the proposed risk assessment method to an actual I&C system. The results show that the method provides an applicable and effective means of risk assessment for I&C systems in NPPs.