Abstract
Cybersecurity regulations require new I&C (Instrumentation & Control) systems in nuclear power plants to develop software in accordance with secure software development methodology to prevent the digital systems from cyber attacks. One of the common aspects of various secure software development methodologies is that widely-accepted practices should be followed throughout programming. As PLC (Programmable Logic Controller) is used to implement digital I&Cs, C programs are often translated automatically from design specifications such as FBD programs. This paper tries to analyze a part of preliminary version of C codes of a Korean I&C system with a static source code analysis tool of Microsoft. It shows that the automatic translator from FBD to C had a few critical defects, not concerned with security directly. It also recommends to select appropriate analysis tools and rule sets to check best practices in secure programming, even if the C code is produced mechanically.
Sign-in/Register to access full text options 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a call
