Cyber Threat Scenarios for Electrical Systems of Nuclear Power Plants

Abstract

The function of Nuclear Power Plants (NPPs) is to produce electricity. However, in order to do that electrical power is also required for the house load for operation and to keep the safety of the plant intact. The Electrical Power Systems (EPSs) are specially designed both for normal plant operation and for particular conditions other than normal operation. In this way, NPP safety is maintained and continuousness of electrical power supplies is available despite temporary interruptions or flows through regular operation and post-shutdown. The power for a plant comes from different and reliable power sources that are physically and electrically isolated. The overall EPSs design intends to assure that any single failure or malfunction will affect only a single source of power supply and the other alternative sources should not be affected. Despite the separation between electrical power sources, malicious cyberattacks [IAEA NSS 8] might disrupt the power flow and interrupt the normal operation of a NPP [IAEA NSS 17]. Therefore, to intact the nuclear safety and security of a nuclear power plant, it is very important to incorporate cybersecurity considerations into the EPS design and implementation. Particularly, threat scenarios for EPS should be developed and evaluated before a cyberattack occurs. This will help to identify possible vulnerabilities, their impact and consequences that we want to prevent. The classification of attacks and the modelling of attacks on critical infrastructure are already described in [1] as part of our SMARTEST R&D project. Here, in this paper, we are describing examples of cyber threat scenarios for the EPSs and EPS interfaces. These are necessary with regard to specifying the anticipated security impact to a physical process controlled by the Instrumentation and Control (I&C). This serves as an input for the security analysis and the closed loop virtual validation via simulation and Fault Tree Analysis (FTA).