Methodology Development for Cybersecurity Robustness and Vulnerability Assessment of University Research Reactors
In 2012, the U.S. Nuclear Regulatory Commission (NRC) formed a working group in collaboration with the Test, Research and Training Reactors (TRTR) group to review cyber security programs at U.S. nuclear nonpower reactor (NPR) facilities. Following their review of cyber security at four different university NPR (i.e., university research reactor (URR)) facilities, the NRC staff made recommendations for improvements at URR, including 1) augmenting the URR licensees’ understanding of the protective features provided with their physical security systems, 2) educating URR facility staff on cyber security issues, and 3) developing guidance to help the URR facilities maintain adequate cyber security going forward.
This three-year project to develop and implement a cyber-security risk assessment methodology and defense-in-depth mitigation strategy for application at URR facilities provides solutions that address each of the recommendations given in the NRC review referenced above. In support of this project, cyber security documentation and guidance from the NRC, Department of Homeland Security (DHS) Industrial Control Systems (ICS) Cyber Emergency Response Team (CERT), National Institute of Standards and Technology (NIST), and the International Atomic Energy Agency (IAEA) were reviewed. Most of this documentation did not take the unique resources, configuration, and infrastructure associated with URR facilities into account. The NRC-TRTR effective practices document provides useful guidance for implementing cyber security protections at URR, but lacks a structured framework for systematically auditing facility digital control assets (DCA) and evaluating associated cyber threats, vulnerabilities, and risk. The outcomes from this project, therefore, seek to build on the general resources above by providing a straightforward DCA auditing and risk assessment methodology, as well as mitigation strategies, that may be implemented to address the risk of cyber-attack at URR facilities.
- Research Organization: North Carolina State Univ., Raleigh, NC (United States)
- Sponsoring Organization: USDOE Office of Nuclear Energy (NE)
- DOE Contract Number: NE0008446
- OSTI ID: 1502929
- Report Number(s): 15-8338; 15-8338
- Country of Publication: United States
- Language: English