Publications Details

Development of Defenses against False Data Injection Attacks for Nuclear Power Plants

Li, Yeni; Abdel-Khalik, Hany; Bertino, Elisa; Sundaram, Arvind

With the recent successful attempts against the digital control systems of critical infrastructures, there is a need to develop new defense strategies that recognize two important realities, 1) state- sponsored attackers can rely on a number of techniques including espionage, social engineering, and brute force techniques, etc. to gain access to the raw data used to control system behavior, 2) attackers can falsify operational data in manners that do not trigger conventional outlier/anomaly detection techniques in order to go undetected, which is referred to as false data injection attacks. Therefore, there is a strong need to explore another class of defense measures, referred to as physical process defense, serving as a new line of defense in the event existing defenses relying on information protection measures are breached. This physical process defenses utilize the physics and engineering models of the system to build unique signatures for genuine system behavior. If successful, the signatures would be able to detect attacks that falsify the operational data and render them harmless before they can inflict physical damage on the system. This report is focused on exploring the feasibility of physical process defenses for nuclear reactors, and their associated functional requirements to maximize their resiliency against state-sponsored, or equivalent, attackers.