Publications

Results 1–25 of 45

ARCADE Technical Pathway and Industry Impact

Hahn, Andrew S.; Maccarone, Lee; Gray, Titus A.; Beauchaine, Adam J.; Rowland, Michael T.; Dougall, Fraser L.; Grady, John C.

The Advanced Reactor Cyber Analysis and Development Environment (ARCADE) simplifies the evaluation and assessment of the robustness factors and cyber resilience that support secure-by-design for advanced reactor nuclear power plants. In this manner, ARCADE supports risk-informed, performance-based (RIPB) evaluations of cybersecurity through its integration of plant physics with high-fidelity emulations of control systems. This cross-domain approach enables comprehensive analysis of control system sensitivities, cyber-attack scenarios, and their consequences. ARCADE has been custom developed to meet the demands identified in Tier 1 of the Tiered Cyber Analysis (TCA) as outlined in NRC Draft Regulatory Guide (RG) 5.96, which provides a RIPB cybersecurity approach for new reactors.

Physical & Cyber Security Modeling Interfacing Through Dante and ARCADE

Hahn, Andrew S.

Physical security is increasingly facing new threats from cyber attackers, yet there is little research characterizing this threat. This report discusses the efforts to combine cyber and physical security modeling tools to investigate this novel combinatorial threat space. To accomplish this, the Dante force-on-force modeling and simulation software and the Advanced Reactor Cyber Analysis and Development Environment (ARCADE) were integrated. Dante provides a 3D environment that models the physical world, while ARCADE provides the cyber and control systems world.

Design of Defensive Cybersecurity Architectures for High Temperature, Gas-Cooled Reactors

Maccarone, Lee; Rowland, Michael T.; Brulles, Robert J.; Hahn, Andrew S.

This report presents the design of defensive cybersecurity architectures (DCSAs) for High Temperature, Gas-Cooled Reactors (HTGRs). A DCSA is a cybersecurity design feature that places systems into security zones in a graded approach according to the importance of the functions performed by the systems. DCSA design efforts for advanced reactors may commence as early as the system-level design phase. This design approach is consistent with the draft regulatory guide for advanced reactor cybersecurity programs (DG-5075) and enables advanced reactor designers to consider the effects of security-by-design (SeBD) features on their DCSAs. Integration of DCSA design and other cybersecurity activities with the traditional design process as part of a SeBD framework may enable advanced reactor designers to improve the security posture of their plants while reducing implementation and operating costs. This report provides a DCSA template for an exemplar HTGR and describes a DCSA design process using event tree analysis so that the template may be optimized for a given HTGR design.

Development of a Cyber-Physical Model and Emulation of an Oil and Gas Compressor Station for Cybersecurity Research and Development

Proceedings - 2024 IEEE 6th International Conference on Trust, Privacy and Security in Intelligent Systems, and Applications, TPS-ISA 2024

Beauchaine, Adam J.; Gray, Titus A.; Hahn, Andrew S.; Maccarone, Lee; Bowman, Scott T.

Significant research and development efforts are underway to ensure the cybersecurity of critical infrastructure and other operational technology (OT) systems. Given the high demand for safety and availability of OT systems, novel OT tools and systems must be designed and tested in a consequence-aware environment. This requires the seamless integration of high-fidelity physics simulations with emulations of OT devices and networks. This paper introduces a modular simulation environment for an oil and gas compressor station and its local networks. This environment will be used to support the development of novel tools to predict, detect, and mitigate cyber threats on critical infrastructure. This paper also describes future plans to expand the scale of the environment and its use cases.

Evaluation of Digital Twin Modeling and Simulation

Lamb, Chris; Hahn, Andrew S.; Decastro, Jenna; Tanaka, Minami

A digital twin has intelligent modules that continuously monitor the condition of the individual components and the whole of a system. Digital twins can provide nuclear power plant (NPP) operators an unprecedented level of monitoring, control, supervision, and security by contributing a greater volume of data for more comprehensive data analysis and increased accuracy of insights and predictions for decision making throughout the entire NPP lifecycle. NPP operators and managers have historically relied on limited, secondhand, or incomplete data. With proper implementation, digital twins can provide a central hub of all intelligence that allows for a multidisciplinary view of an NPP. This equips operators and managers with more information, context, and intelligence that can be used for greater granularity during planning and decision making. Digital twins can be used in many activities, as the technology has many different concepts surrounding it. From the various definitions of a digital twin within the industry, digital twins can be differentiated by their level of integration and automation. The three main models are the digital model, the digital shadow, and the digital twin. Digital twins offer many potential advancements to the nuclear industry that could reduce costs, improve designs, provide safer operation, and improve overall security.

Advanced Reactor Cyber Analysis and Development Environment (ARCADE) for System-Level Design Analysis

Hahn, Andrew S.; Maccarone, Lee; Rowland, Michael T.

Cybersecurity is a persistent concern for the safety and security of Nuclear Power Plants (NPPs), but it has lacked data-driven, evidence-based research. Rigorous cybersecurity analysis is critical for the licensing of advanced reactors using a performance-based approach. One tool that enables cybersecurity analysis is modeling and simulation. The nuclear industry makes extensive use of modeling and simulation throughout the decision process but lacks a method to incorporate cybersecurity analysis with existing models. To meet this need, the Advanced Reactor Cyber Analysis and Development Environment (ARCADE) was developed. ARCADE is a suite of publicly available tools that can be used to develop emulations of industrial control system devices and networks and to integrate those emulations with physics simulators. This integration of cyber emulations and physics models enables rigorous cyber-physical analysis of cyber-attacks on NPP systems. This report provides an overview of key considerations for using ARCADE with existing physics models and demonstrates ARCADE's capabilities for cybersecurity analysis. Using a model of the Small Modular Advanced High Temperature Reactor (SmAHTR), ARCADE was able to determine the sensitivity of the primary heat exchangers (PHX) to coordinated cyber-attacks. The analysis determined that while PHX failures cause disruption to the reactor, they did not cause any safety limits to be exceeded because of the plant design, including passive safety features. Further development of ARCADE will enable rigorous, repeatable, and automated cyber-physical analysis of advanced reactor control systems. These efforts will also help reduce regulatory uncertainty by presenting similar types of cybersecurity analyses in a common format, driving standard approaches and reporting.

Canada-US Blended Cyber-Physical Security Exercise (Final Report)

Erdman, Matthew K.; Rowland, Michael T.; Hahn, Andrew S.; Pierce, Remengton; Romero, Anita M.

The Canada-US Blended Cyber-Physical Exercise was a successful, first-of-its-kind, multi-organization and multi-laboratory exercise that culminated years of complex system development and planning. The project aimed to answer three driving research questions: (1) How do cyberattacks support malicious acts leading to theft or sabotage [at a nuclear site]? (2) What are the aspects of an effective combined cyber-physical response? (3) How can the effectiveness of that response be evaluated? From these questions the following primary objectives were derived: 1. The May 2023 Cyber-Physical Exercise shall present a cyber-attack scenario that supports malicious acts leading to theft or sabotage. 2. The May 2023 Cyber-Physical Exercise shall define aspects of an effective combined cyber-physical response. 3. Analysis of the May 2023 Cyber-Physical Exercise shall evaluate the effectiveness of the incident response against pre-established exercise evaluation criteria. 4. Analysis of the May 2023 Cyber-Physical Exercise shall assess the effectiveness of the evaluation criteria themselves. 5. Exercises shall be performed in a real-life environment. The team believes these objectives were met, and the evidence is presented in this report. Due to the novelty of the exercise, there were several lessons learned, which are also presented in this report.

Assessment and Experience Using Open-Source NPP Environments for Cyber-Security Training

Proceedings of 13th Nuclear Plant Instrumentation, Control and Human-Machine Interface Technologies, NPIC and HMIT 2023

Hahn, Andrew S.; Rowland, Michael T.; Bays, Nathan R.; Lamb, Chris; Valme, Romuald

The use of high-fidelity, real-time physics engines of nuclear power plants in a cybersecurity training platform is feasible but requires additional research and development. This paper discusses recent developments for cybersecurity training leveraging open-source NPP simulators and network emulation tools. The paper details key elements of currently available environments for cybersecurity training. The key elements assessed for each environment are: (i) management and student user interfaces, (ii) pre-developed baseline and cyber-attack effects, and (iii) capturing student results and performance. Representative and dynamic environments require the integration of physics models, network emulation, commercial off-the-shelf hardware, and the technologies that connect these together. Further, orchestration tools for managing the holistic set of models and technologies decrease setup and maintenance time and allow for click-to-deploy capability. The paper describes and discusses the Sandia-developed environment and open-source tools that incorporate these technologies with click-to-deploy capability. This environment was deployed for delivery of an undergraduate/graduate course with the University of Sao Paulo, Brazil in July 2022 and has been used to investigate new concepts involving Cyber-STPA analysis. This paper captures the identified future improvements, development activities, and lessons learned from the course.

USING THE INFORMATION HARM TRIANGLE TO MODEL SEQUENCES OF UNSAFE CONTROL ACTIONS IN INSTRUMENTATION AND CONTROL SYSTEMS

International Conference on Nuclear Engineering, Proceedings, ICONE

Maccarone, Lee; Hahn, Andrew S.; Rowland, Michael T.

The Information Harm Triangle (IHT) is an approach that seeks to simplify the defense-in-depth design of digital instrumentation and control (I&C) systems. The IHT provides a novel framework for understanding how cyber-attacks targeting digital I&C systems can harm the physical process. The utility of the IHT arises from the decomposition of cybersecurity analysis into two orthogonal vectors: data harm and physical information harm. Cyber-attacks on I&C systems can only directly cause data harm. Data harm is then transformed into physical information harm by unsafe control actions (UCAs) identified using Systems-Theoretic Process Analysis (STPA). Because data harm and physical information harm are orthogonal, defense-in-depth can be achieved by identifying control measures that independently limit data harm and physical information harm. This paper furthers the development of the IHT by investigating the defense-in-depth design of cybersecurity measures for sequences of UCAs. The effects of the order and timing of UCAs are examined for several case studies to determine how to represent these sequences using the IHT. These considerations are important for the identification of data harm and physical information harm security measures, and they influence the selection of efficient measures to achieve defense-in-depth. This research enables the benefits of the IHT's simple approach to be realized for increasingly complex cyber-attack scenarios.

Equipment Testing Environment (ETE) Specification

Hahn, Andrew S.; Rowland, Michael T.; Karch, Benjamin; Bruneau, Robert; Valme, Romuald

Cybersecurity has been difficult to quantify from the perspective of defenders. The effort required to develop a cyber-attack with a given ability, function, or consequence has not been rigorously investigated in Operational Technology. This specification defines a testing structure that allows conformal and repeatable cyber testing on equipment. The purpose of the ETE is to provide the data necessary to analyze and reconstruct cyber-attack timelines, effects, and observables for the training and development of Cyber Security Operations Centers. Standardizing the manner in which the cybersecurity of equipment is investigated will allow a greater understanding of the progression of cyber-attacks and of potential mitigation and detection strategies in a scientifically rigorous fashion.
