Risk-Informed Cyber Security for ANS Probabilistic Safety Assessment and Analysis 2023
Abstract not provided.
This document describes the Cybersecurity Research Development and Demonstration (RD&D) Program, established by the Department of Energy Office of Nuclear Energy (NE) to provide science-based methods and technologies necessary for cost-effective, cyber-secure digital instrumentation, control and communication in collaboration with nuclear energy stakeholders. It provides an overview of program goals, objectives, linkages to organizational strategies, management structure, and stakeholder and cross-program interfaces.
11th Nuclear Plant Instrumentation, Control, and Human-Machine Interface Technologies, NPIC and HMIT 2019
U.S. nuclear power plants are seeking to implement wireless communications for cost-effective operations. New technology introduced into power plants must not introduce security concerns into critical plant functions. This paper describes the potential for new security concerns with proposed nuclear power plant wireless system implementations and methods of evaluation. While two aspects of concern are introduced, only one (cyber attack vulnerability) is expanded with a description of test setup and methods. A novel method of cyber vulnerability discovery is also described. The goal of this research is to establish wireless technology as a part of a secure operations architecture that brings increased efficiency without introducing new security concerns.
This project explored coupling modeling and analysis methods from multiple domains to address complex hybrid (cyber and physical) attacks on mission critical infrastructure. Robust methods to integrate these complex systems are necessary to enable large trade-space exploration including dynamic and evolving cyber threats and mitigations. Reinforcement learning employing deep neural networks, as in the AlphaGo Zero solution, was used to identify "best" (or approximately optimal) resilience strategies for operation of a cyber/physical grid model. A prototype platform was developed and the machine learning (ML) algorithm was made to play itself in a game of 'Hurt the Grid'. This proof of concept shows that machine learning optimization can help us understand and control complex, multi-dimensional grid space. A simple, yet high-fidelity model proves that the data have spatial correlation which is necessary for any optimization or control. Our prototype analysis showed that the reinforcement learning successfully improved adversary and defender knowledge to manipulate the grid. When expanded to more representative models, this exact type of machine learning will inform grid operations and defense - supporting mitigation development to defend the grid from complex cyber attacks! This same research can be expanded to similar complex domains.
In recognition of their mission and in response to continuously evolving cyber threats against nuclear facilities, Department of Energy - Nuclear Energy (DOE-NE) is building the Nuclear Energy Cyber security Research, Development, and Demonstration (RD&D) Program, which includes a cyber risk management thrust. This report supports the cyber risk management thrust objective which is to deliver "Standardized methodologies for credible risk-based identification, evaluation and prioritization of digital components." In a previous task, the Sandia National Laboratories (SNL) team presented evaluation criteria and a survey to review methods to determine the most suitable techniques. In this task we will identify and evaluate a series of candidate methodologies. In this report, 10 distinct methodologies are evaluated. The overall goal of this effort was to identify the current range of risk analysis techniques that were currently available, and how they could be applied, with a focus on industrial control systems (ICS). Overall, most of the techniques identified did fall into accepted risk analysis practices, though they generally addressed only one step of the multi-step risk management process. A few addressed multiple steps, but generally their treatment was superficial. This study revealed that the current state of security risk analysis in digital control systems was not comprehensive and did not support a science-based evaluation. The papers surveyed did use mathematical formulation to describe the addressed problems, and tied the models to some kind of experimental or experiential evidence as support. Most of the papers, however, did not use a rigorous approach to experimentally support the proposed models, nor did they have enough evidence supporting the efficacy of the models to statistically analyze model impact. Both of these issues stem from the difficulty and expense associated with collecting experimental data in this domain.
10th International Topical Meeting on Nuclear Plant Instrumentation, Control, and Human-Machine Interface Technologies, NPIC and HMIT 2017
In this paper, we will summarize a group of architectural principles that inform the development of secure control system architectures, followed by a methodology that allows designers to understand the attack surface of components and subsystems in a way that supports the integration of these surfaces into a single attack surface. We will then show how this methodology can be used to analyze the control system attack surface from a variety of threats, including knowledgeable insiders. We close the paper with an overview of how this approach can be folded into a more rigorous mathematical analysis of the system to define the system's security posture.
10th International Topical Meeting on Nuclear Plant Instrumentation, Control, and Human-Machine Interface Technologies, NPIC and HMIT 2017
Nuclear power plants and facilities have been implementing digital system upgrades into their previously analog systems for well over twenty years. New nuclear facilities’ control, security, and emergency preparedness systems are almost exclusively built on digital architectures with a high degree of communication between the various systems that are often integrated together into a central control station to aid in operation or security of the facility. As digital systems become more widespread in nuclear facility control system architectures, cyber security related issues have become a significant concern to operators, regulators, governments, and other groups. Among the many concerns related to digital systems and cyber security is the area of common cause and common mode failures. This paper introduces, defines, and discusses some sources of common cause failure from a cyber security perspective: common vector access. This refers to specific access points that an adversary can exploit through a single attack sequence that have the potential to provide relational failures through common cause on multiple components, subsystems, systems, or plants. This paper will further discuss interconnected processes where these access points may exist, the importance of limiting or controlling these pinch points, and some methods of protecting common vector access points.
International nuclear safeguards are technical measures implemented by the International Atomic Energy Agency (IAEA) to verify the correctness and completeness of declarations made by States about their nuclear activities. The systems used to verify such activities include electronic and digital hardware and software components capable of data collection, processing, analysis, storage and transmission. Despite increasing efforts to protect digital systems against unauthorized access or attack through cybersecurity measures, these systems are not immune to cyber exploitation that could compromise their integrity or reliability. Previous versions of these systems did not include capabilities that exist today, such as Bluetooth™ and GPS. The inclusion of these new capabilities, as well as new data processing and storage mechanisms, adds new attack vectors and opportunities for adversaries to exploit the devices that did not previously exist. As mentioned in the above-referenced Cybersecurity for Safeguards study, cyber-domain vulnerabilities present risks to the equipment used to perform the international nuclear safeguards mission. The IAEA has produced guidance on the protection of nuclear facilities and their computer systems against cyber threats, but these documents do not specifically address the risks to safeguards or safeguards equipment. In response, the U.S. Department of Energy National Nuclear Security Administration (DOE/NNSA) Office of International Nuclear Safeguards/Safeguards Technology Development (NA-241) sponsored Sandia National Laboratories (Sandia, SNL) and the Idaho National Laboratory (Idaho, INL) to conduct a one-year study to evaluate cyber related vulnerabilities in safeguards equipment and develop recommendations for the mitigation of any identified risks.
In a common electric power plant, heat is used to boil water into steam which drives a turbine. The steam from the turbine outlet is condensed with cooling water. This is the common Rankine cycle and, even after decades of development, is relatively inefficient and water intensive. Alternatively, a closed Brayton cycle recirculates the working fluid, and the turbine exhaust is used in a recuperating heat exchanger to heat the turbine feed. A "supercritical cycle" is a closed Brayton cycle in which the working fluid, such as supercritical carbon dioxide (sCO2), is maintained above the critical point during the compression phase of the cycle. The key property of the fluid near its critical point is its higher gas density, closer to that of a liquid than of a gas, allowing for the pumping power in the compressor to be significantly reduced resulting in improved efficiency. Other advantages include smaller component size and the reduced use of water, not only due to the increased efficiency, but also due to sensible heat rejection which facilitates dry air cooling compared to air-cooled steam condensers. A Sandia National Laboratories commercialization review concluded that the technology has applicability across various power generation applications including fossil fuels, concentrated solar power and nuclear power. In 2006, Sandia National Laboratories (SNL), recognizing the potential advantages of a higher efficiency power cycle, used internal funds to establish a testing capability and began partnering with the U.S. Department of Energy Office of Nuclear Energy to develop a laboratory-scale test assembly to show the viability of the underlying science and demonstrate system performance. Since that time, SNL has generated power, verified cycle performance, and developed cycle controls and maintenance procedures.
The test assembly has successfully operated in different configurations (simple Brayton, waste heat cycle, and recompression) and tested additives to the s-CO2 working fluid. Our current focus is to partner with industry and develop cycle components and control strategies sufficient to support a successful commercial offering. This paper has been developed for the Energy Policy Institute's (EPI's) 6th Annual Energy Policy Research Conference scheduled for 8 & 9 September 2016 in Santa Fe, NM. We describe the cycle in more detail and describe specific benefits and applications. The paper will also include current technology development activities and future plans.