DIGITAL TWINS IN NUCLEAR POWER: CYBERSECURITY IMPLICATIONS
Abstract not provided.
Transactions of the American Nuclear Society
A digital twin has intelligent modules that continuously monitor the condition of the individual components and the whole of a system. Digital twins can provide nuclear power plant (NPP) operators an unprecedented level of monitoring, control, supervision, and security by contributing a greater volume of data for more comprehensive data analysis and increased accuracy of insights and predictions for decision making throughout the entire NPP lifecycle. NPP operators and managers have historically relied on limited, second-hand, or incomplete data. With proper implementation, digital twins can provide a central hub of all intel that allows for a multidisciplinary view of an NPP. This equips operators and managers with more information, context, and intel that can be used for greater granularity during planning and decision making. Digital twins can be used in many activities, as the technology has many different concepts surrounding it. From the various definitions of a digital twin within the industry, digital twins can be differentiated by levels of integration/automation. The three main models are the digital model, digital shadow, and digital twin. Digital twins offer many potential advancements to the nuclear industry that could reduce costs, improve designs, provide safer operation, and improve overall security.
Cybersecurity is a persistent concern to the safety and security of Nuclear Power Plants (NPPs), but has lacked data-driven, evidence-based research. Rigorous cybersecurity analysis is critical for the licensing of advanced reactors using a performance-based approach. One tool that enables cybersecurity analysis is modeling and simulation. The nuclear industry makes extensive use of modeling and simulation throughout the decision process but lacks a method to incorporate cybersecurity analysis with existing models. To meet this need, the Advanced Reactor Cyber Analysis and Development Environment (ARCADE) was developed. ARCADE is a suite of publicly available tools that can be used to develop emulations of industrial control system devices and networks and integrate those emulations with physics simulators. This integration of cyber emulations and physics models enables rigorous cyber-physical analysis of cyber-attacks on NPP systems. This report provides an overview of key considerations for using ARCADE with existing physics models and demonstrates ARCADE’s capabilities for cybersecurity analysis. Using a model of the Small Modular Advanced High Temperature Reactor (SmAHTR), ARCADE was able to determine the sensitivity of the primary heat exchangers (PHX) to coordinated cyber-attacks. The analysis determined that while the PHX’s failures cause disruption to the reactor, they did not cause any safety limits to be exceeded because of the plant design, including passive safety features. Further development of ARCADE will enable rigorous, repeatable, and automated cyber-physical analysis of advanced reactor control systems. These efforts will also help reduce regulatory uncertainty by presenting similar types of cybersecurity analyses in a common format, driving standard approaches and reporting.
The Canada-US Blended Cyber-Physical Exercise was a successful, first-of-its-kind, multi-organization and multi-laboratory exercise that culminated years of complex system development and planning. The project aimed to answer three driving research questions: (1) How do cyberattacks support malicious acts leading to theft or sabotage [at a nuclear site]? (2) What are aspects of an effective combined cyber-physical response? (3) How to evaluate effectiveness of that response? From these questions, the following primary objectives were derived: 1. The May 2023 Cyber-Physical Exercise shall present a cyber-attack scenario that supports malicious acts leading to theft or sabotage. 2. The May 2023 Cyber-Physical Exercise shall define aspects of an effective combined cyber-physical response. 3. Analysis of the May 2023 Cyber-Physical Exercise shall evaluate the effectiveness of the incident response against pre-established exercise evaluation criteria. 4. Analysis of the May 2023 Cyber-Physical Exercise shall assess the effectiveness of the evaluation criteria themselves. 5. Exercises shall be performed in a real-life environment. The team believes these objectives were met, and the evidence will be presented in this report. Due to the novelty of the exercise, there were several lessons learned that will be presented in this report.
International Conference on Nuclear Engineering, Proceedings, ICONE
The Information Harm Triangle (IHT) is an approach that seeks to simplify the defense-in-depth design of digital instrumentation and control (I&C) systems. The IHT provides a novel framework for understanding how cyber-attacks targeting digital I&C systems can harm the physical process. The utility of the IHT arises from the decomposition of cybersecurity analysis into two orthogonal vectors: data harm and physical information harm. Cyber-attacks on I&C systems can only directly cause data harm. Data harm is then transformed into physical information harm by unsafe control actions (UCAs) identified using Systems-Theoretic Process Analysis (STPA). Because data harm and physical information harm are orthogonal, defense-in-depth can be achieved by identifying control measures that independently limit data harm and physical information harm. This paper furthers the development of the IHT by investigating the defense-in-depth design of cybersecurity measures for sequences of UCAs. The effects of the order and timing of UCAs are examined for several case studies to determine how to represent these sequences using the IHT. These considerations are important for the identification of data harm and physical information harm security measures, and they influence the selection of efficient measures to achieve defense-in-depth. This research enables the benefits of the IHT's simple approach to be realized for increasingly complex cyber-attack scenarios.
Proceedings of 13th Nuclear Plant Instrumentation, Control and Human-Machine Interface Technologies, NPIC and HMIT 2023
The use of high-fidelity, real-time physics engines of nuclear power plants in a cybersecurity training platform is feasible but requires additional research and development. This paper discusses recent developments for cybersecurity training leveraging open-source NPP simulators and network emulation tools. The paper will detail key elements of currently available environments for cybersecurity training. Key elements assessed for each environment are: (i) management and student user interfaces, (ii) pre-developed baseline and cyber-attack effects, and (iii) capturing student results and performance. Representative and dynamic environments require integration of physics models, network emulation, commercial off-the-shelf hardware, and technologies that connect these together. Further, orchestration tools for management of the holistic set of models and technologies decrease setup and maintenance time and allow for click-to-deploy capability. The paper will describe and discuss the Sandia-developed environment and open-source tools that incorporate these technologies with click-to-deploy capability. This environment was deployed for delivery of an undergraduate/graduate course with the University of Sao Paulo, Brazil in July 2022 and has been used to investigate new concepts involving Cyber-STPA analysis. This paper captures the identified future improvements, development activities, and lessons learned from the course.
Cybersecurity has been difficult to quantify from the perspective of defenders. The effort to develop a cyber-attack with some ability, function, or consequence has not been rigorously investigated in Operational Technologies. This specification defines a testing structure that allows conformal and repeatable cyber testing on equipment. The purpose of the Equipment Test Environment (ETE) is to provide the data necessary to analyze and reconstruct cyber-attack timelines, effects, and observables for training and development of Cyber Security Operation Centers. Standardizing the manner in which cybersecurity on equipment is investigated will allow a greater understanding of the progression of cyber-attacks and of potential mitigation and detection strategies in a scientifically rigorous fashion.
This document is intended to be used with the Equipment Test Environment (ETE) being developed, to provide a standard process by which the ETE can be validated. The ETE is developed with the intent of establishing cyber intrusion and data collection and, through automation, providing objective goals that provide repeatability. This testing process is being developed to interface with the Technical Area V physical protection system. The document will give an overview of the testing structure, interfaces, device and network logging, and data capture. Additionally, it will cover the testing procedure, criteria, and constraints necessary to properly capture data and logs and record them for experimental data capture and analysis.
SaT-CPS 2022 - Proceedings of the 2022 ACM Workshop on Secure and Trustworthy Cyber-Physical Systems
Recent high-profile cyber-attacks on critical infrastructures have raised awareness about the severe and widespread impacts that these attacks can have on everyday life. This awareness has spurred research into making industrial control systems and other cyber-physical systems more resilient. A plethora of cyber resilience metrics and frameworks have been proposed for cyber resilience assessments, but these approaches typically assume that the data required to populate the metrics is readily available, an assumption that is frequently not valid. This paper describes a new cyber experimentation platform that can be used to generate relevant data and to calculate resilience metrics that quantify how resilient specified industrial control systems are to specified threats. The platform and analysis process are demonstrated through a use case involving the control system for a pressurized water reactor.