Abstract

Most nuclear power plants (NPPs) are looking to deploy digital instrumentation and control (I&C) systems, which allow for more precise control and more economical operation. However, both the quantity and capability of industrial control system (ICS)-targeted cyber-attacks have grown dramatically over recent years. Therefore, one of the most significant challenges that digital I&C systems bring is the issue of cybersecurity, which should be enhanced before their deployment.

Several different types of cyber-attacks can be introduced to NPPs; a false data injection attack on key equipment is the focus of this research due to the potentially severe consequences associated with such an attack. In false data injection, the attackers may alter the readings of control sensors or commands to change the operation of an NPP. Current cybersecurity efforts focus on intrusion prevention by firewalls or data-flow direction control and use commercial intrusion detection systems, which usually focus on monitoring Internet Protocol (IP) addresses, ports, and payload length. However, attention should be given to conditions where these approaches can fail, such as an insider attack. Previous research based on process data shows the potential of a last line of defense using online monitoring of the process data in concert with cyber data analysis. However, existing models involve different subsystems across the whole NPP, which has a wide attack surface and may require high computing cost. This holistic approach may not meet the time-sensitive requirements imposed upon I&C systems. This paper proposes a localized kit for key equipment in a process as a complementary detection method to improve the robustness of key equipment under cyber-attacks. Compared to existing models, this reduces the number of variables used in the model and significantly improves the computational speed. It also reduces the attack surface by limiting the data acquisition locally. This localized kit includes a cyber-attack detection model to detect anomalies within key components, such as the control system actuator, and an inference model to potentially reconstruct a compromised signal to allow a safe shutdown.

To develop and demonstrate the localized cybersecurity kit, a hardware-in-the-loop (HIL) testbed was built with a pressurized water reactor (PWR) simulator and a programmable logic controller (PLC). The PLC was programmed to control the steam generator (SG) water level at a specified set point, and the PWR simulator was utilized to simulate the nuclear system and response for parameters outside of the SG. Three false data injection attacks were conducted against the testbed to generate the data needed for the localized kit development and evaluation. The results show the cyber-attack detection model is effective under false data injection scenarios and the inference model is promising as a signal reconstruction method.
