An Approach for Assessing Consequences of Potential Supply Chain and Insider Contributed Cyber Attacks on Nuclear Power Plants
- Brookhaven National Laboratory, 33 N. Renaissance Road, Upton, NY 11973 (United States)
The Stuxnet attack at the Natanz facility is an example of a targeted and successful cyber attack on a nuclear facility. Snowden's release of National Security Agency documents demonstrated the consequences of the insider threat. More recently, the United States tried to attack North Korea but failed, South Korea was attempting to attack North Korea, and both applied Stuxnet-like approaches. These sophisticated targeted attacks differ from web-site hacking events that are reported almost daily in the news mainly because targeted attacks require detailed design and operation information of the systems attacked and/or are often carried out by insiders. For instance, in order to minimize disruption of facilities around the world, Stuxnet remained idle until it recognized the specific configuration of the Natanz facility, demonstrating that the attackers possessed extremely detailed information about the facility. Such targeted cyber attacks could become a national-level military weapon and be used in coercion of hostile countries. While U.S. nuclear power plants (NPPs) are well designed and protected and not easily attacked through internet hacking, there have been a few digital-system-related incidents. For example, in 2003, the Slammer worm breached the private network of the Davis Besse plant and disabled a safety monitoring system for almost five hours. The breach did not pose a safety hazard because the plant was offline, but it demonstrates the vulnerability of NPP systems. The worm did not enter the plant systems directly; it began by entering the systems of a Davis Besse contractor, and entered through the T1 line bridging the contractor's computer and Davis Besse's corporate networks. The T1 line was not protected by the plant's firewall. The success of the Stuxnet-Natanz case demonstrates that supply-chain level attack (i.e., physically tampering with digital systems to install undetectable malware for the purpose of bringing harm to a player further down the supply chain network) plays a crucial role in a successful attack. Although attacking an NPP naturally requires more complex strategies and tactics than internet hacking, NPP's have a variety of sophisticated and possibly sensitive systems that may be attacked. Previous studies, for example, Baylon, have identified and confirmed that such attack strategies and tactics can be designed and could produce severe damage to an NPP. Current NPPs were designed according to design basis accidents that predate use of the internet by the general public and did not take into consideration potential cyber attacks that could be carried out by state-sponsored attackers and malicious insiders. To date, no detailed engineering analysis has been performed to realistically examine the consequences these attacks may have on the plants. In this paper, we discuss an approach for assessing the potential consequences of Stuxnet type of attacks. We will examine the engineering criteria used in designing the plants, develop possible attack scenarios in terms of the structures, components, and systems (SSCs) being controlled by digital systems at the NPPs, perform engineering analysis to determine if the attacks would impose conditions that are beyond design bases, and categorize the consequences of the potential accidents. (authors)
- OSTI ID:
- 23042725
- Journal Information:
- Transactions of the American Nuclear Society, Vol. 115; Conference: 2016 ANS Winter Meeting and Nuclear Technology Expo, Las Vegas, NV (United States), 6-10 Nov 2016; Other Information: Country of input: France; 3 refs.; available from American Nuclear Society - ANS, 555 North Kensington Avenue, La Grange Park, IL 60526 (US); ISSN 0003-018X
- Country of Publication:
- United States
- Language:
- English
Similar Records
Methodology on cyber security evaluation in nuclear facilities considering I and C architecture - 224
Implementation of an ICS Ransomware Testbed: Scenarios, Variants, and Evaluation Methods