As a form of industrial control systems (ICS), nuclear instrumentation and control (I&C) systems have been digitalized increasingly. This has raised in turn cyber security concerns. Cyber security for ICS is important because cyber-attacks against ICS can cause not only equipment damage and loss of production but also personal and public safety hazards unlike in general IT environments. Numerous risk analyses have been carried out to enhance the safety of ICS and recently, many studies related to the cyber security of ICS are being conducted. Many existing risk analyses and cyber security studies have considered safety and cyber security separately. However, both safety and cyber security perspectives should be considered when analyzing risks for complex and critical ICS facilities such as nuclear power plants (NPPs). In this paper, the STPA-SafeSec methodology is selected to consider both safety and security perspectives when performing a risk analysis for NPPs in order to assess impacts on the safety by cyber-attacks against the digital I&C systems. The STPA-SafeSec methodology was applied to a test-bed system that simulates a condensate water (CD) system in an NPP. The process of the application up to the development of mitigation strategies is described in detail.

作为工业控制系统（ICS）的一种形式，核仪表和控制（I&C）系统已经越来越数字化。这反过来又引发了网络安全问题。ICS 的网络安全很重要，因为与一般 IT 环境不同，针对 ICS 的网络攻击不仅会导致设备损坏和生产损失，还会造成个人和公共安全危害。为了提高 ICS 的安全性，已经进行了许多风险分析，最近，许多与 ICS 网络安全相关的研究正在进行中。许多现有的风险分析和网络安全研究分别考虑了安全和网络安全。但是，在分析核电厂 (NPP) 等复杂和关键的 ICS 设施的风险时，应同时考虑安全和网络安全角度。在本文中，在对核电厂进行风险分析时，选择 STPA-SafeSec 方法来考虑安全和安保角度，以评估针对数字 I&C 系统的网络攻击对安全的影响。STPA-SafeSec 方法应用于模拟核电厂冷凝水 (CD) 系统的试验台系统。详细描述了应用程序直到制定缓解策略的过程。