A quantitative assessment framework for cyber-attack scenarios on nuclear power plants using relative difficulty and consequence

Abstract

Digital instrumentation and control (I&C) systems have been replacing analog I&C systems in nuclear power plants (NPPs) on account of the beneficial functions digital systems provide. As a result, NPP risks have been centralized into the digital I&C systems, with the issue of cyber-attack thus emerging as one of the new threats. To achieve more effective cyber security, it is necessary to evaluate the risk of cyber-attack quantitatively. This work proposes a quantitative assessment framework to evaluate NPP risk due to cyber-attack scenarios. This framework evaluates the risk by defining the difficulty and consequence of a cyber-attack, for which the assessment methods are based on Bayesian belief network and probabilistic safety assessment methods, respectively. Application of the framework to several possible cyber-attack scenarios quantitatively assessed the difficulty and consequence of the scenarios, thereby providing risk information. It is expected that application of the proposed framework can enhance cyber security.