The generic concept of security controls, as initially deployed in the information security domain, is gradually being used in other business domains, including industrial security for critical infrastructure and cybersecurity of nuclear safety instrumentation & control (I&C). A security control, or less formally a security countermeasure, can be any organizational, technical, or administrative measure that helps reduce the risk imposed by a cybersecurity threat. The new IAEA NST036 lists more than 200 such countermeasures. NIST SP800-53 Revision 4 contains about 450 pages of security countermeasure descriptions, which are graded according to three levels of stringency. To facilitate and formalize the process of developing, precisely describing, distributing, and maintaining more complex security controls, the new ISO/IEC 27034 multipart standard introduces the application security controls (ASC) concept. An ASC is an extensible semiformal representation of a security control (based on Extensible Markup Language, XML, or JavaScript Object Notation, JSON), which contains a set of mandatory and optional parts as well as possible links to other ASCs. A set of ASCs may be developed by one company and shipped together with a product of another company. ISO/IEC 27034-6 assumes that ASCs are developed by an organization or team specialized in security and that the ASCs are forwarded to customers for direct use or for integration into their own products or services. The distribution of ASCs is supported and formalized by the organization normative frameworks (ONFs) and application normative frameworks (ANFs) deployed in the respective organizational units. The maintenance and continuous improvement of ASCs is facilitated by the ONF process and ANF process. This paper will explore the applicability of these industry-standard-based ASC lifecycle concepts for the nuclear domain in line with IEC 62645, IEC 62859, and the upcoming IEC 63096. It will include results from an ongoing bachelor thesis and master thesis, mentored by two of the authors, as well as nuclear-specific deployment scenarios currently being evaluated by a team of cybersecurity Ph.D. candidates.
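As an added illustration (not code from the paper or from ISO/IEC 27034), the following shows a check a recipient could run on a JSON set of ASCs shipped with a product: every record carries its mandatory parts and every link resolves inside the set. The part names, the `links` key and the sample records are assumptions constructed for this example; the abstract does not name them.

```python
import json

# Assumed part names: the abstract says an ASC has mandatory and optional
# parts plus links to other ASCs, but does not name them.
MANDATORY = ("id", "objective", "activity", "verification")

# Constructed sample: a set of ASCs as a supplier might ship it with a product.
SAMPLE_PACKAGE = json.dumps([
    {"id": "ASC-001", "objective": "Restrict maintenance access",
     "activity": "Enable role-based login on the service port",
     "verification": "Review the account list", "links": ["ASC-002"]},
    {"id": "ASC-002", "objective": "Log maintenance sessions",
     "activity": "Forward session logs to the log server",
     "verification": "Check log receipt", "links": ["ASC-001", "ASC-009"]},
    {"id": "ASC-003", "objective": "Protect configuration files",
     "verification": "Compare file hashes"},
])


def validate_package(text):
    """Index a JSON array of ASC records by id and list what is wrong with it."""
    by_id, findings = {}, []
    for rec in json.loads(text):
        rid = rec.get("id", "<no id>")
        if rid in by_id:
            findings.append(f"{rid}: duplicate id")
        by_id[rid] = rec
        for part in MANDATORY:
            if not rec.get(part):
                findings.append(f"{rid}: missing mandatory part '{part}'")
    for rid, rec in by_id.items():
        for target in rec.get("links", []):
            if target not in by_id:
                findings.append(f"{rid}: link to '{target}' not in package")
    return by_id, sorted(findings)


def linked_set(by_id, start):
    """Ids of all ASCs reachable from `start` via links (mutual links are safe)."""
    seen, stack = set(), [start]
    while stack:
        rid = stack.pop()
        if rid in seen or rid not in by_id:
            continue
        seen.add(rid)
        stack.extend(by_id[rid].get("links", []))
    return sorted(seen)
```

Calling `validate_package(SAMPLE_PACKAGE)` on the constructed set reports the unresolved link to ASC-009 and the missing `activity` part of ASC-003; `linked_set` then gives the ASCs that have to be delivered together with a chosen one.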
October 2018
Research-Article
Development, Distribution, and Maintenance of Application Security Controls for Nuclear
Karl Waedt
Yongjian Ding
University of Applied Sciences Magdeburg-Stendal,
Institute for Electrotechnik,
Magdeburg 39114, Germany
e-mail: yongjian.ding@hs-magdeburg.de
Antonio Ciriello
Xinxin Lou
1Present address: Faculty of Technology, University of Bielefeld, Bielefeld 33615, Germany.
Manuscript received October 29, 2017; final manuscript received April 5, 2018; published online September 10, 2018. Assoc. Editor: John F. P. de Grosbois.
ASME J of Nuclear Rad Sci. Oct 2018, 4(4): 041010 (6 pages)
Published Online: September 10, 2018
Article history: Received October 29, 2017; Revised April 5, 2018
Citation
Waedt, K., Ding, Y., Ciriello, A., and Lou, X. (September 10, 2018). "Development, Distribution, and Maintenance of Application Security Controls for Nuclear." ASME. ASME J of Nuclear Rad Sci. October 2018; 4(4): 041010. https://doi.org/10.1115/1.4039970