Simulated false data injections attacks on emulated and hardware programmable logic controllers of the pressurizer in a representative pressurized water reactor plant

Abstract

ABSTRACT Manipulating sensors data and/or Programmable Logic Controllers (PLCs) in Instrumentation and Control (I&C) systems could potentially compromise operation and safety of nuclear reactor power plants. This work utilizes the LOBO Nuclear CyberSecurity (LOBO NCS) Platform, developed recently at the University of New Mexico’s Institute for Space and Nuclear Power Studies, to investigate and contrast responses of an emulated PLC with OpenPLC and a commercial Allen-Bradley PLC. This is during nominal operation and simulated surge-in and surge-out transients of the pressurizer in a representative PWR plant. Investigations evaluate the effect of manipulating the control of linked PLCs to a physics-based Simulink model of the pressurizer on its operation during simulated transients. Simulated FDIAs introduced during the surge-in transient manipulate either input pressure or the rate of water spray into the pressurizer, to increase system pressure beyond nominal. Simulated FDIAs inconsistently overwrite holding registers of the PLCs during the duration of the attack. As a result, the immersed heaters and the water droplets spray nozzle switch off and on repeatedly, to reduce the pressure rise within the pressurizer. Manipulating a commercial Allen-Bradley PLC is more consistent than emulated OpenPLC and percentage of FDIAs’ successful overwrites increased with increasing input scan time of the PLC. Despite noted response differences iof emulated and hardware PLCs, results demonstrate using emulated PLCs in the LOBO NCS platform is suitable for current and future cybersecurity investigations.