A new approach is described that offers a Risk-Informed Performance-Based (RIPB) framework for quantifying the risk associated with a cyber-attack on a nuclear power-generating facility. The first part of the method involves 1) the creation of a simplified 10 CFR 73.54 compliant cyber infrastructure, 2) modeling of design basis threats against the network and passive defense of the network and 3) applying the model metrics as inputs into a Bayesian analysis to calculate the exploit probability of a plant controller. The RAVEN code package was used to perform a stochastic calculation to quantify the aleatory uncertainty associated with exploiting a plant controller and produce basic statistics associated with those outputs, such as the standard deviation and standard error. Other tools, such as ADAPT, were also explored, which could be leveraged for direct DPRA analysis of network topology, such that new failure modes or initiating events could be discovered. The second aspect of the RIPB method considers the impact of the controller on the physical plant. This evaluation was conducted by postulating an accident scenario possibly caused by the dynamics of an exploited process controller, initiating that event in a RELAP5 model controlled by the RAVEN risk analysis package, and demonstrating the types of algorithms that can be used to quantify the consequences of the accident scenario. The new two-part method explored in this work provides the uncertainty associated with a cyber-initiating event and the associated consequences of a postulated accident resulting from that exploit, as well as example tools and algorithms for performing the analysis.
Read full abstract