Publications

Fasano, Raymond E.; Lamb, Christopher L.; Hahn, Andrew S.; Haddad, Alexandria H.

Cybersecurity for industrial control systems is an important consideration that advance reactor designers will need to consider. How cyber risk is managed is the subject of on-going research and debate in the nuclear industry. This report seeks to identify potential cyber risks for advance reactors. Identified risks are divided into absorbed risk and licensee managed risk to clearly show how cyber risks for advance reactors can potentially be transferred. Absorbed risks are risks that originate external to the licensee but may unknowingly propagate into the plant. Insights include (1) the need for unification of safety, physical security, and cybersecurity risk assessment frameworks to ensure optimal coordination of risk, (2) a quantitative risk assessment methodology in conjunction with qualitative assessments may be useful in efficiently and sufficiently managing cyber risks, and (3) cyber risk management techniques should align with a risked informed regulatory framework for advance reactors.

Fasano, Raymond E.; Hahn, Andrew S.; Haddad, Alexandria H.; Lamb, Christopher L.

Seven generation III+ and generation IV nuclear reactor types, based on twelve reactor concepts surveyed, are examined using functional decomposition to extract relevant operational technology (OT) architecture information. This information is compared to existing nuclear power plants (NPPs) OT architectures to highlight novel and emergent cyber risks associated with next generation NPPs. These insights can help inform operational technology architecture requirements that will be unique to a given reactor type. Next generation NPPs have streamlined OT architectures relative to the current generation II commercial NPP fleet. Overall, without compensatory measures that provide sufficient and efficient cybersecurity controls, next generation NPPs will have increased cyber risk. Verification and validation of cyber-physical testbeds and cyber risk assessment methodologies may be an important next step to reduce cyber risk in the OT architecture design and testing phase. Coordination with safety requirements can result in OT architecture design being an iterative process.