An overview of methodologies for cybersecurity vulnerability assessments conducted in nuclear power plants

Abstract

Cyber-attacks against critical energy infrastructure have gone from possible to eventual to actual. With electrical generation sources in the United States changing under a wide range of pressures, the current fleet of nuclear power plants in the United States provides a reliable and sustainable source of electrical generation capacity. However, in order to extend the lifetime of the fleet, modernization upgrades to digital instrumentation and control systems are required. While this produces many opportunities for increased efficiency, it introduces a new level of complexity for securing and reliably operating reactors in the presence cyber-threats. The United States Nuclear Regulatory Commission recently began urging stronger cybersecurity efforts at nuclear power plants. As upgrades at nuclear power plants begin, the implementation of digital instrumentation and control systems to monitor and run the power plant introduces new vulnerabilities that must be addressed. This necessitates a more modern discussion of risk. Within this context, we critically review past cyber-vulnerability incidents at nuclear installations and other critical facilities. We then analyze challenges to vulnerabilities within the context of modernization of the current nuclear fleet and propose future research directions needed to resolve these issues.