Security Informed Safety Assessment of NPP I&C Systems: GAP-IMECA Technique

The application of complex electronic components such as systems-on-chips (including systems-on-programmable-chips using field programmable gate arrays (FPGAs)) in industrial instrumentation and control systems (I&Cs) causes risks for ensuring of safety. Nuclear power plant (NPP) I&C projects on FPGA are complex solutions which include both software and hardware components. Information security (system’s ability to protect the information and data from unauthorized access and modification) is a subordinate property with respect to safety of many I&Cs, primarily to the NPP reactor trip systems. Such hierarchy may be taken into account by implementation of security informed safety (SIS) approach. Recent events like Stuxnet or Duqu showed vulnerabilities in industrial embedded IT-Systems. In order to remove or reduce security risks, which could increase overall safety risk, the holistic analytical technique are necessary. The goal of the paper is to present the technique for of SIS-based assessment of the NPP I&C systems. The proposed SIS-oriented method of NPP I&C systems assessment includes the models and techniques. To decrease the risk of manual errors, the tool for the SIS-oriented assessment automation is described. The tool is based on joint use of abovementioned models and techniques, is proposed. The tool allows conducting the joint use of the following analysis techniques: GAP and IMECA.