Support for Reactor Operators in Case of Cyber-Security Threats (NEUP Final Report)

Increasing use of digital technology in nuclear power plants (NPPs) poses cyber-security as a crucial threat to public safety and to continuous energy production. Cyber-security risks are comprised of complex known and unknown interactions between various entities, system vulnerabilities, network protocols, human users and malicious attacks. There is little understanding or research geared towards plant operators’ response under cyber-security threats and operational procedures to cope with such threats. This is particularly critical when a cyber-security event masquerades as a safety incident or an evolving accident. Instead of leading operators to the remediation of the accident, the masked cyber event may lead them to circumvent the safety mechanisms of the plant. Given these challenges, the objective of this project is to develop a tool to characterize abnormal NPP events as “cyber” or “safety” incidents, and to further develop this tool as a real-time operator aid to assist in response to the incident. This NEUP Final Report summarizes the research efforts towards the above goals and the results in the following three aspects. First, a methodology for classifying abnormal NPP events as cyber-attacks or safety incidents was developed. This provides the basis for responding to potential cyber-attacks. In this methodology, the causal relationships between various variables (i.e., physical variables, network variables, and control variables) for a nuclear system under consideration are modeled using dynamic Bayesian networks. Based on observations of certain variables (i.e., the evidence), inference is performed to identify the state of hidden variables, which helps indicate the occurrence of cyber-attacks or safety incidents. The proposed methodology was applied to the full scope NPP simulator system at The Ohio State University as a case study. The result shows that the proposed methodology is capable of distinguishing between cyber-attacks and safety incidents. Second, a game-theoretic approach for responding to cyber-attacks on nuclear power plants was developed. This is the second major goal of the project, and the method is used to recommend optimal responses to reactor operators in the case of cyber-attacks. We consider two cases in this research. In the first case, the interaction between the defender (i.e., the reactor operator) and the attacker is modeled as a two-player, nonzero-sum, Markov game with an infinite time horizon. In the second case, we consider a semi-Markov game between the defender and the attacker within a finite time horizon. The model in the second case enables us to consider the time sensitive response of the defender. In each case, the method for deriving the Nash equilibrium is developed. The Nash Equilibrium of the game provides the valid prediction of both players’ actions because no single player can benefit from unilaterally deviating from the equilibrium policy if the other player adheres to his/hers, hence it provides the best response of the defender to cyber-attacks. The proposed method in each case is demonstrated through a simplified benchmark digital feedwater control system. Third, a prototype display is developed to integrate the above information. The prototype display depicts the communication information to the operator and incorporates the cyber-security tool developed by the team into the interface. It consists of the regular display in current control rooms, as well as a panel used to indicate the occurrence of cyber-attacks or safety events and a panel used to guide the operator’s response to detected cyber-attacks.