Publications

Abstract not provided.

Abstract not provided.

Abstract not provided.

Abstract not provided.

Abstract not provided.

Abstract not provided.

Abstract not provided.

Abstract not provided.

The Information Harm Triangle (IHT) is an approach that seeks to simplify the defense-in-depth design of digital instrumentation and control (I&C) systems. The IHT provides a novel framework for understanding how cyber-attacks targeting digital I&C systems can harm the physical process. The utility of the IHT arises from the decomposition of cybersecurity analysis into two orthogonal vectors: data harm and physical information harm. Cyber-attacks on I&C systems can only directly cause data harm. Data harm is then transformed into physical information harm by unsafe control actions (UCAs) identified using Systems-Theoretic Process Analysis (STPA). Because data harm and physical information harm are orthogonal, defense-in-depth can be achieved by identifying control measures that independently limit data harm and physical information harm. This paper furthers the development of the IHT by investigating the defense-in-depth design of cybersecurity measures for sequences of UCAs. The effects of the order and timing of UCAs are examined for several case studies to determine how to represent these sequences using the IHT. These considerations are important for the identification of data harm and physical information harm security measures, and they influence the selection of efficient measures to achieve defense-in-depth. This research enables the benefits of the IHT's simple approach to be realized for increasingly complex cyber-attack scenarios.

The use of high-fidelity, real-time physics engines of nuclear power plants in a cyber security training platform is feasible but requires additional research and development. This paper discusses recent developments for cybersecurity training leveraging open-source NPP simulators and network emulation tools. The paper will detail key elements of currently available environments for cybersecurity training. Key elements assessed for each environment are: (i) Management and student user interfaces, (ii) pre-developed baseline and cyber-attack effects, and (iii) capturing student results and performance. Representative and dynamic environments require integration of physics model, network emulation, commercial of the shelf hardware, and technologies that connect these together. Further, orchestration tools for management of the holistic set of models and technologies decrease time in setup and maintenance allow for click to deploy capability. The paper will describe and discuss the Sandia developed environment and open-source tools that incorporates these technologies with click-to-deploy capability. This environment was deployed for delivery of an undergraduate/graduate course with the University of Sao Paulo, Brazil in July 2022 and has been used to investigate new concepts involving Cyber-STPA analysis. This paper captures the identified future improvements, development activities, and lessons learned from the course.

Cyber security has been difficult to quantify from the perspective of defenders. The effort to develop a cyber-attack with some ability, function, or consequence has not been rigorously investigated in Operational Technologies. This specification defines a testing structure that allows conformal and repeatable cyber testing on equipment. The purpose of the ETE is to provide data necessary to analyze and reconstruct cyber-attack timelines, effects, and observables for training and development of Cyber Security Operation Centers. Standardizing the manner in which cyber security on equipment is investigated will allow a greater understanding of the progression of cyber attacks and potential mitigation and detection strategies in a scientifically rigorous fashion.

Abstract not provided.

This document is intended to be utilized with the Equipment Test Environment being developed to provide a standard process by which the ETE can be validated. The ETE is developed with the intent of establishing cyber intrusion, data collection and through automation provide objective goals that provide repeatability. This testing process is being developed to interface with the Technical Area V physical protection system. The document will overview the testing structure, interfaces, device and network logging and data capture. Additionally, it will cover the testing procedure, criteria and constraints necessary to properly capture data and logs and record them for experimental data capture and analysis.

Abstract not provided.

Abstract not provided.

Abstract not provided.

Abstract not provided.

Recent high profile cyber attacks on critical infrastructures have raised awareness about the severe and widespread impacts that these attacks can have on everyday life. This awareness has spurred research into making industrial control systems and other cyber-physical systems more resilient. A plethora of cyber resilience metrics and frameworks have been proposed for cyber resilience assessments, but these approaches typically assume that data required to populate the metrics is readily available, an assumption that is frequently not valid. This paper describes a new cyber experimentation platform that can be used to generate relevant data and to calculate resilience metrics that quantify how resilient specified industrial control systems are to specified threats. Demonstration of the platform and analysis process are illustrated through a use case involving the control system for a pressurized water reactor.

Recent high profile cyber attacks on critical infrastructures have raised awareness about the severe and widespread impacts that these attacks can have on everyday life. This awareness has spurred research into making industrial control systems and other cyber-physical systems more resilient. A plethora of cyber resilience metrics and frameworks have been proposed for cyber resilience assessments, but these approaches typically assume that data required to populate the metrics is readily available, an assumption that is frequently not valid. This paper describes a new cyber experimentation platform that can be used to generate relevant data and to calculate resilience metrics that quantify how resilient specified industrial control systems are to specified threats. Demonstration of the platform and analysis process are illustrated through a use case involving the control system for a pressurized water reactor.

The adoption of digital technology into Instrumentation and Control (I&C) systems in nuclear facilities fundamentally changes the nature of these systems. Greater interconnectivity of reprogrammable, and functionally interdependent control systems has given rise to the need for computer security consideration in digital I&C Systems. The cyber security of I&C systems presents a growing risk to nuclear facilities and requires the development of educational and research tools to ensure the safety of these facilities. Currently there is a major gap in formal educational offerings on cyber security for these Operational Technology (OT) systems. To provide formal cyber security education resources, DOE’s office of International Nuclear Security (INS) partnered with the University of São Paulo (USP) to develop a training course on the cyber security of nuclear facility I&C systems using the hypothetical Nuclear Power Plant, Asherah.

Abstract not provided.

Seven generation III+ and generation IV nuclear reactor types, based on twelve reactor concepts surveyed, are examined using functional decomposition to extract relevant operational technology (OT) architecture information. This information is compared to existing nuclear power plants (NPPs) OT architectures to highlight novel and emergent cyber risks associated with next generation NPPs. These insights can help inform operational technology architecture requirements that will be unique to a given reactor type. Next generation NPPs have streamlined OT architectures relative to the current generation II commercial NPP fleet. Overall, without compensatory measures that provide sufficient and efficient cybersecurity controls, next generation NPPs will have increased cyber risk. Verification and validation of cyber-physical testbeds and cyber risk assessment methodologies may be an important next step to reduce cyber risk in the OT architecture design and testing phase. Coordination with safety requirements can result in OT architecture design being an iterative process.

Cybersecurity for industrial control systems is an important consideration that advance reactor designers will need to consider. How cyber risk is managed is the subject of on-going research and debate in the nuclear industry. This report seeks to identify potential cyber risks for advance reactors. Identified risks are divided into absorbed risk and licensee managed risk to clearly show how cyber risks for advance reactors can potentially be transferred. Absorbed risks are risks that originate external to the licensee but may unknowingly propagate into the plant. Insights include (1) the need for unification of safety, physical security, and cybersecurity risk assessment frameworks to ensure optimal coordination of risk, (2) a quantitative risk assessment methodology in conjunction with qualitative assessments may be useful in efficiently and sufficiently managing cyber risks, and (3) cyber risk management techniques should align with a risked informed regulatory framework for advance reactors.

The software package developed by Sandia National Laboratories is intended to allow the integration of Simulink models into emulations of control networks. To accomplish this, three programs are included: Simulink S-Function, Data Broker, and End Point

Abstract not provided.