Safety Software Assurance Compliance verification and Risk Evaluation (S-SACRE)

Most digital systems being software intensive are also vulnerable to attacks that exploit software weaknesses. According to the International Atomic Energy Agency, “exploiting weaknesses in digital technology could be the most attractive route for those terrorists seeking to attack nuclear facilities without fear of interdiction.” Recent publicized events about cyber-attack on critical infrastructure, and possible many more that are not reported or known, demonstrate a much deeper problem: The vulnerability that has been introduced in our critical infrastructure by reliance on digital technologies. Future nuclear energy systems will only increase their dependence upon digital technologies that are complex software, hardware and firmware component combinations. While many system-level accreditation and authorization has been enforced by the US Nuclear Regulatory Commission, they do not expose latent weaknesses in the composed software components and their impact on system level security controls. The project will extend the methods to generate a mapping between security controls and software weaknesses for digital computer and communications systems and networks used in safety-related and important-to-safety functions, security functions, emergency preparedness functions, including offsite communications, and support systems and equipment which, if compromised, would adversely impact safety, security, or emergency preparedness functions. The mappings will utilize control definitions in the National Institute of Standards and Technology Special Publication 800-53, which form the foundation for regulatory guidance on materials and plant protection as well as secure development and operational environment for digital safety systems from the US Nuclear Regulatory Commission. In Phase 1, the mappings and related prioritization mechanisms will be made available in a proof-of-concept prototype. Pilot studies will be conducted in a full-scale nuclear facility testbed to further tailor the proof-of-concept for specific accreditation and authorization processes required by the Nuclear Regulatory Commission. Requirements to scale the proof-of-concept to a technology-readiness-level-8 functionality will be identified for continued development in Phase II. The new technology will be integrated in to regulatory assessment and accreditation processes as well as procurement processes in the software supply chain. The approach and resulting toolsets will provide a framework for rigorous assessment of the digital software components for nuclear facilities using existing regulatory guidance. Key Words: Software Assurance for Safety and Security Functions; Cyber security; Nuclear Regulatory Guidance; Software Weaknesses and Vulnerabilities; Security Controls; Secure development and operational environment for digital safety systems