A Comparative Study on Nuclear Power Plant Cyber Security
Assessment Models Based on Risk Assessment Standard Guideline

International efforts to strengthen nuclear cyber security and revision of international guidelines have been underway, with the primary goal of identifying digital assets and implementing security controls after assessing cyber risks. International standards require organizations to assess the probability of information security risk, the impact of risk, and determine the level of risk. Since it is almost impossible to quantify security risk by considering all relevant cases, it is common to assume limited conditions and compare qualitative or semi-quantitative results to prioritize. In this paper, we analyze representative cyber risk assessment models for nuclear power plants and compare their strong and weak points.