In order to counter cryptoattacks on elements of critical infrastructure, in particular on computer control systems of nuclear power plants, the goal achieved in this work is to analyze the requirements for computer security (cyber security) of the software of this system, which are relevant to the stage of its design, development and operation, as well as proposed criteria and methodology for calculating the quality of compliance with these requirements. To achieve the goal, the first section of the article provides information on standards and identified requirements for software cyber security. In the second section, an analysis of the requirements is carried out and an approach to software development is described, taking into account these requirements and analyzing their consideration. In the third section, an approach to calculating the performance indicator of software cyber security requirements is proposed. The fourth chapter provides an example of the application of this approach to the existing computerized NPP management system to assess compliance with cyber security requirements. The article discusses the requirements of the international standard IEC62645 and the industry standard of Ukraine “NP 306.2.237-2022”, which are related to the development of software for the computer control system of nuclear power plants. Ensuring cyber protection of the software of the NPP computer management system is a complex task that includes administrative, legal, technical, cultural, and organizational components. From the point of view of software development and operation, the main cyber security measures include software code verification, ensuring the absence of hidden functions, implementing physical equipment protection, security of software components, authentication, security during data exchange. To determine the compliance of the software with the requirements of cyber protection, it is necessary to determine the requirements applicable to each component of the software and conduct an analysis of their implementation. This action should occur continuously during the development of new software and software evaluation of existing computer control systems. After the analysis of the applicability and fulfillment of the requirements, the calculation of the coefficient of the fulfillment of the requirements can be carried out. It was noted that cyber protection is only a component of the quality of the software of the NPP computer control system, which is important for the performance of security functions. The analysis of requirements and the calculation of the coefficient of their fulfillment can be an integral part of the complex model of the software development process of the computer system of NPP management.
Read full abstract