Cyber security in the nuclear industry: A closer look at digital control systems, networks and human factors

Abstract

The development life cycle of conventional nuclear power plants (NPPs) needs to be optimized if the energy produced by advanced reactors and small modular reactors is to be competitive. One of the proposed optimisation initiatives is the digitalization of nuclear facility control and instrumentation. Digitalization of nuclear control and instrumentation will improve plants' performance and cost competitiveness. However, it could also introduce cyber security challenges. To create a strong cyber-defence for critical digital assets in nuclear facilities, an extensive analysis of threats and vulnerabilities in systems, networks, and devices is necessary. This article examines recent research that analyses the digital assets at nuclear power facilities for threats and vulnerabilities. This work synthesizes and categorises potential attack propagation paths in digitalized nuclear facilities based on five different surfaces: direct network path, programmable logic controllers, sensor/actuator signals, and indirect propagation paths such as attacks that exploit human factors and the supply chain. The work's main contribution is it provides a state-of-the-art understanding of the relationship between attack propagation paths, associated vulnerabilities, and current security controls. Based on the literature review, a framework for developing an attack-resilient control system for NPPs is suggested, which would be helpful for a security-informed design of reactor control systems. The discussion on nuclear cyber risks, vulnerabilities, attack routes, and defence methods offers a cutting-edge understanding of the security challenges in digitalized nuclear facilities. The suggested framework is an essential foundation for future research direction, towards a secured and resilient digitisation of nuclear power plant control systems.