Cyber security assurance is now one of the key challenges in the requirements profiling, development and operation of safety-critical, software-based NPP I&C (Nuclear Power Plant Instrumentation and Control) systems. Any I&C system consists of a set of standard software (SW), hardware (HW) and FPGA components. These components can be selected and combined in different ways to address particular control and safety assurance tasks. Some of them are proprietary software (PS) and commercial off-the-shelf (COTS) components developed previously. Applying such components reduces the level of safety and cyber security, because they can contain vulnerabilities that were introduced intentionally. In that case, targeted attacks can lead to a system failure.
The National Vulnerability Database (NVD) and other open databases contain information about vulnerabilities that can be exploited by insiders or other intruders, decreasing the cyber security of NPP I&C systems.
In this paper, we propose a safety assessment technique for NPP I&C systems that consists of the following procedures:
1. Analysis of the I&C architecture to assess the influence of OTS component failures on the dependability (reliability and safety) of the system. For that purpose, FMEDA or similar techniques can be applied.
As a result, three-dimensional criticality matrices (CM), with metrics of detection, probability and severity, are developed for the different components (SW FCM and HW/FPGA FCM).
2. IMECA-based assessment of OTS components and their configuration. Here, CMs (SW ICM and HW/FPGA ICM) describe the degree to which a component failure influences cyber security.
3. Joining of the criticality matrices (SW FCM and HW/FPGA FCM, SW ICM and HW/FPGA ICM) and impact analysis of components according to their degree of influence on cyber security and on safety as a whole.
4. Developing a Security Assurance Case and selecting countermeasures according to safety (cyber security)/cost criteria.
The developed tool supports the creation of criticality matrices for each analyzed component and for the I&C system as a whole. Joining the criticality matrices yields a common matrix for system cyber security and functional safety. The tool supports decision making to optimize the choice of countermeasures according to a combined safety-and-security/cost criterion.
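As an added worked example (not the paper's or its tool's code), the procedure above in Python: three-metric criticality entries per component, the join of the FCM and ICM views into one common matrix, a ranking, and a budget-constrained countermeasure choice. The component names, metric values, product-based criticality, max-join rule and greedy selection rule are all assumptions made for the illustration.

```python
# Added illustration (not the paper's own code or data): criticality entries per
# component (detection, probability, severity), join of the failure (FCM) and
# intrusion (ICM) views into one common matrix, ranking, and countermeasure
# selection under a cost budget. Product, max-join and greedy are assumptions.
from dataclasses import dataclass

@dataclass(frozen=True)
class Entry:
    detection: int    # 1 = easily detected ... 10 = hard to detect
    probability: int  # 1 = rare ... 10 = frequent
    severity: int     # 1 = negligible ... 10 = loss of a safety function

    def criticality(self) -> int:
        # Assumption: FMEDA/IMECA-style product of the three metrics.
        return self.detection * self.probability * self.severity

# Constructed sample: component -> entry, one table per view.
FCM = {"sw_plc_rt": Entry(3, 2, 9), "fpga_voter": Entry(2, 1, 10), "cots_hmi": Entry(6, 4, 5)}
ICM = {"sw_plc_rt": Entry(7, 3, 9), "fpga_voter": Entry(4, 1, 10), "cots_hmi": Entry(8, 7, 6)}

def join(fcm, icm):
    """Common matrix: for each component, the worse (max) of the two views."""
    return {c: max(fcm[c].criticality(), icm[c].criticality()) for c in fcm if c in icm}

def rank(joined):
    """Components ordered from most to least critical."""
    return sorted(joined, key=lambda c: joined[c], reverse=True)

# Constructed countermeasures: (component, cost, criticality reduction).
COUNTERMEASURES = [
    ("cots_hmi", 10, 200), ("sw_plc_rt", 30, 150),
    ("cots_hmi", 25, 100), ("fpga_voter", 40, 30),
]

def select(joined, measures, budget):
    """Greedy safety-and-security/cost choice: best reduction per unit cost first.
    Returns (chosen measures with their actual gain, residual criticality, spent)."""
    remaining = dict(joined)
    chosen, spent = [], 0
    for comp, cost, reduction in sorted(measures, key=lambda m: m[2] / m[1], reverse=True):
        if spent + cost > budget:
            continue  # over budget: skip; a cheaper measure later may still fit
        gain = min(reduction, remaining[comp])  # never reduce below zero
        if gain <= 0:
            continue
        remaining[comp] -= gain
        chosen.append((comp, cost, gain))
        spent += cost
    return chosen, remaining, spent
```

With a budget of 50, the greedy pass takes the two best reduction-per-cost measures and stops, leaving the HMI component still the most critical residual item.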