IAEA 3rd International Conference on Nuclear Knowledge ...€¦ · Asset Management as a...

Asset Management as a Precondition for

Knowledge Management

IAEA 3rd International Conference on

Nuclear Knowledge Management:

Challenges and Approaches

Vienna, 7-11 November 2016

Dr. Karl Waedt, AREVA GmbH, Erlangen

Edita Bajramovic, AREVA GmbH, Erlangen

Yuan Gao, AREVA GmbH, Erlangen

Deeksha Gupta, AREVA GmbH, Erlangen

Mithil Parekh, AREVA GmbH, Erlangen

Asset Management as a Precondition for KM – E. Bajramovic & D. Gupta Vienna 2016-11-09 © AREVA p.2 All rights are reserved, see liability notice.

Knowledge Management Topics

Overview

Asset Management

Knowledge Management Improving the Usability

Software / IT Asset Management

SMARTEST-AREVA Plant, Process and I&C Level Modeling


►Safety & Cybersec. in the Design of NPPs – K. Waedt / Y.

Safety & Cybersecurity for NPPs Topics Loviisa 1&2

Ling Ao II 3&4

Oconee 1-3

OKG 2

Ringhals 1

Mochovce 3+4 Angra 2+3

GKN1

Kola 3&4

AREVA I&C Contribution to

Comprehensive Projects Worldwide

Atucha 2

Belene 1+2

KKI1

Novovoronesh 6+7

Leningrad 5+6 Fang Jia Shan1&2

Fuqing 1&2


Knowledge Management New NPP Projects

AREVA EPRTM

Finland: Olkiluoto OL3

France: Flamanville FA3

China: Taishan TSN1, TSN2

TELEPERM XS Safety I&C



Overview

Asset Management





Knowledge Management Overview

Smart sensors and extensively configurable devices are gradually

imposed by the automation market

Except for safety systems, they find their way into the next Instrumentation &

Control (I&C) generation

The understanding and handling of these devices require an extensive

Knowledge Management (KM)

For legacy systems, security often relates to vetting and access control

For digital devices, a refined asset management is needed

e.g. down to board-level support chipsets

Firmware and system/application software have their own configurations, versions and

patch levels

As a first step of the KM, a user needs to know the firmware configurability

Trainings can address when to apply patches, perform regression tests and on what to

focus, based on accumulated experience


Defining the main safety functions (reactivity control, residual heat

removal, radioactive material confinement) of a NPP mandates the

deployment of

defense-in-depth concepts in different technical domains,

the use of certified I&C platforms and an environment imposing,

a continuous safety awareness and a sustainable nuclear education.

At all levels, from the refining of safety functions to the verification

of I&C platform software and the on-site maintenance activities, a

comprehensive knowledge management is essential

For emerging topics, like cybersecurity, interdisciplinary

information is needed to perform comprehensive attack tree

analyses

Knowledge Management Overview



Overview

Asset Management





Asset: item with potential or actual value to an organization

Asset Life: period from asset creation to asset end-of-life

Asset Types: grouping by common characteristics

Physical assets, infrastructure assets, movable assets

Information assets, ICT assets

Intangible assets, e.g. brands, use rights, licenses, intellectual property rights,

reputation, agreements

Critical assets …

In a Strategic Asset Management Plan

the groups (subsets) of key assets have to be identified as a first step towards

generating value from assets

Asset Management Plan

for individual assets or groups of assets

Asset Management Terms


Organization Management

Asset Management

Asset Management

System

Asset Management ISO 55000

Asset Portfolio

Interacting elements to

establish asset management

- policy

- objectives

- processes

Coordinated activity to

realize value from assets

Assets within the scope


Organization Management

Asset Management

AM System

Asset Portfolio

Policies, …, tools

Activities to realize

value from knowledge

Assets

within the scope


KM System

Knowledge Representation

Knowledge

Graph

Activities to realize

value from assets

Asset Management ISO 55000



Overview

Asset Management





AM & KM System Interoperability

Knowledge

Representation


Thesauri

- Modeling of Assets

- Knowledge Graph Extension

Thesauri ?

. . .

Q?

Q?

Q?

Interoperability

Q?

AM = Asset Management KM = Knowledge Management

Knowledge

Retrieval


AM & KM System

Knowledge

Representation


. . .

Q?

AM = Asset Management KM = Knowledge Management

Manual

Knowledge

Retrieval

Physical access to

TI ES cabinet

Key locked

cabinets

Physical access to

TI ES room

Access to TI ES

Maintenance

Notebook

Modification of

Parameters via

local HMI

Availability

Integrity

Availability

Integrity

Room with

restricted

access§9.1.2

§9.2.1

Preventive

Detective

Corrective

Kind of

Control

User

identification

Modification of SW /

Parameters via RS

232 interface

Login on TI ES

Maintenance

Notebook

User

identification

Logging of

access§10.10.4

§11.5.2

Equipment Siting

and Protection

§11.5.2

Usage of an

inadmissibly

brought notebook

User

identification§11.5.2

Backup and

Recovery§10.5.1

Backup and

Recovery§10.5.1

SIPROTEC

installed in the TI

ES cabinet door §9.2.1 a)

Modification of

logfiles on

Maintenance

Notebook

Administrator


Integrity

Parameter

review

Deletion of

Firmware via

RS 232 interfaceAvailability

User


Backup and

Recovery§10.5.1

Training

Generic

Training

Material

Cybersecurity

Vulnerabilities

Analysis Partially Automated

Knowledge Retrieval



Overview

Asset Management





Software / IT Asset Management Graded Approach (1)

Tier 1: Trustworthy Data

Tier 2: Practical Management

Tier 3: Operational Integration

Tier 4: Full SAM Conformance

ISO/IEC 19770: for organizations that want to achieve

best practice in Software Asset Management (SAM)

Software and organizational scope definitions are allowed

Good security usually necessary for all assets within

certain sections of an infrastructure to be included

Tier 1: Knowing what you have

Tier 2: Policies, roles, responsibilities

Tier 3: SAM integration into

operational processes

Tier 4: Best-in-class strategic SAM


Software Asset Management (SAM) Version Scheme

Version Scheme for Assets

Provided e.g. by software creators, package creators

Used e.g. by discovery tool providers

Needed for compatibility statements

With regard to interoperability with other software packages

With regard to applicability of patches

Value Meaning

multipart numeric e.g. 1.2, 1.2.1, 1.2.1.3

multipart numeric + suffix e.g. 1.2.1a

alphanumeric Strictly a string, sorting is done alphanumerically

decimal Floating point number (e.g. 1.25 is less than 1.3)

semver Follows semver.org spec. (Semantic Versioning)

unknown No attempt to order versions of this type!


Software Asset Management (SAM) Patch and Product Relationships

Example:

Need of exact asset identification,

down to the patch level


Software / IT Asset Management Prerequisites

Interoperability for software management data independent of vendor, platform

or technology (such as virtualization)

Usable throughout the software product lifecycle

Unique software ID unique product at the binary level

for distribution/update purposes

information structures interlinked by the unique software ID

structures designed to be: readable by humans and interpretable by programs

Impossible to manage software assets without also managing the

hardware on which it runs

Minimum (Tier 1): “You cannot manage what you do not know”

Software used to develop other software must itself be controlled


Software Asset Management (SAM) Terms

Software Asset Management (SAM):

control and protection of software and related assets

SAM Owner: individual at a senior organization-wide level who is

identified as being responsible for SAM

Local SAM Owner for a defined part

SAM Practitioner practice or role of managing SW assets

SAM Program Scope: clear statement listing of all covered

parts of the organization and

types of software, assets, platforms

Platform: type of hardware device and/or associated operating system,

or a virtual environment, on which software can be installed or run

Platform Provider: organization responsible for the platform



Baseline: formally approved version of a configuration item

Configuration Item: under configuration management control

may vary widely, ranging from

an entire system including all hardware, software and documentation, to

a minor hardware component

Definitive Master Version: originating instance of the SW used to install

Primary Information Structure (SWID): Information Structure to which

supplemental Information Structures may be linked

Supplemental Information Structure

Registration Identifier (RegID): unique identifier for an entity



Software Identification Tag (SWID Tag): Information Structure containing

identification information about a software configuration item

shall only be modified by the organization that initially created the tag

Globally Unique Identifier (GUID): 16-byte string of characters that is

generated in a manner that gives a high probability that the string is unique in

any context

Information Structure (InfoStruct): structure that provides information about a

software asset in order to facilitate its management

Information Structure Creator: entity that initially creates an Information

Structure

Information Structure ID: value that shall be globally unique for every

Information Structure created



Software Package (SWID Tag): complete and documented set of software

Software Product

Software Packager: entity that packages or bundles software created by others

Stock Keeping Unit (SKU): ID, of a particular product that allows it to be

tracked for inventory and software entitlement

Unique SW identification file names

Portable Filename Character Set as defined in IEEE 1003.1:2013

Extension “.swidtag“

<name of the tag creator> + <product name>.swidtag



Overview

Asset Management






Z1

Z2

Z1

Z2

Z1

Z2

Z1

Z2

Plant Level

Process Engineering

Level I&C and ES

Architecture

Level

I&C Electrical

Systems

Unique Identification of Assets

Modeling of Cybersecurity relevant relations


An improved Asset Management and a step-by-step establishment of

a semi-formal Knowledge Graph are worth the effort

Beyond improving the quality of lessons learned handling:

a baseline for technical analyses,

consistency and completeness checks, and

transfer of knowledge to new employees or employees from other

domains, reducing even the impact of staff fluctuation

Risks:

Along with a more comprehensive and more precise knowledge

representation, a reevaluation of confidentiality classifications may be

needed

A higher quality knowledge representation also facilitates intellectual

property theft and misuse of knowledge for Advanced Persistent Threats

Knowledge Management Conclusion


Knowledge Management Acknowledgment

Note:

Some modelling is elaborated as part of AREVA’s

participation in the “SMARTEST” R&D

with German University partners,

partially funded by German Ministry BMWi.


Editor and Copyright [2016]: AREVA GmbH – Paul-Gossen-Straße 100 – 91052

Erlangen, Germany. It is prohibited to reproduce the present publication in its

entirety or partially in whatever form without prior written consent. Legal action may

be taken against any infringer and/or any person breaching the aforementioned

prohibitions.

Subject to change without notice, errors excepted. Illustrations may differ from the

original. The statements and information in this brochure are for advertising

purposes only and do not constitute an offer of contract. They shall neither be

construed as a guarantee of quality or durability, nor as warranties of

merchantability or fitness for a particular purpose. These statements, even if they

are future-orientated, are based on information that was available to us at the date

of publication. Only the terms of individual contracts shall be authoritative for type,

scope and characteristics of our products and services.

Asset Management as a Precondition for


IAEA 3rd International Conference on

Nuclear Knowledge Management:

Challenges and Approaches

Vienna, 7-11 November 2016

Dr. Karl Waedt, AREVA GmbH, Erlangen

Edita Bajramovic, AREVA GmbH, Erlangen

Yuan Gao, AREVA GmbH, Erlangen

Deeksha Gupta, AREVA GmbH, Erlangen

Mithil Parekh, AREVA GmbH, Erlangen

IAEA 3rd International Conference on Nuclear Knowledge ...€¦ · Asset Management as a...

Documents

Transcript of IAEA 3rd International Conference on Nuclear Knowledge ...€¦ · Asset Management as a...