Overview and Recommendations for Cyber Risk Assessment in Nuclear Power Plants

Zhang, Fan; Kelly, Kevin

doi:10.1080/00295450.2022.2092356

Overview and Recommendations for Cyber Risk Assessment in Nuclear Power Plants

Journal Article · Fri Sep 02 00:00:00 EDT 2022 · Nuclear Technology

DOI:https://doi.org/10.1080/00295450.2022.2092356· OSTI ID:1908178

^[1]; Kelly, Kevin ^[2]

Georgia Institute of Technology, Atlanta, GA (United States); Georgia Institute of Technology
Georgia Institute of Technology, Atlanta, GA (United States)

Digital instrumentation and control (I&C) systems are being deployed in nuclear power plants (NPPs) for both existing and advanced reactor designs. As I&C systems become more digitized to allow features like near autonomous control and remote operation, they introduce greater cyber risk to NPPs. Cyberattacks targeting industrial control systems (ICSs) are growing in both qualities and capabilities, which indicates that cybersecurity needs to be an integral part of risk assessment in the industry. Although there are some risk assessment methods in traditional information technology (IT) cybersecurity, the differences between IT and ICS cybersecurity make it infeasible to apply these risk assessment methods directly to ICSs. Some research has focused on risk assessment methods for ICSs, but few studies focus on applications to NPPs. Ideal risk frameworks for the nuclear industry are dynamic and account for system dependencies; this survey review focuses on such risk assessment methods both in and outside the nuclear field. In this article, the major challenges in cybersecurity risk assessment research are pointed out, and further research suggestions and considerations for cyber risk assessment in I&C systems are identified.

View Accepted Manuscript (DOE)

Research Organization:: Univ. of Tennessee, Knoxville, TN (United States)

Sponsoring Organization:: USDOE Office of Nuclear Energy (NE), Nuclear Energy University Program (NEUP)

Grant/Contract Number:: NE0008898

OSTI ID:: 1908178

Journal Information:: Nuclear Technology, Journal Name: Nuclear Technology Journal Issue: 3 Vol. 209; ISSN 0029-5450

Publisher:: Taylor & FrancisCopyright Statement

Country of Publication:: United States

Language:: English

References (30)

Continuous Risk Management for Industrial IoT: A Methodological View Adaros-Boye, Carolina; Kearney, Paul; Josephs, Mark Lecture Notes in Computer Science https://doi.org/10.1007/978-3-030-41568-6_3	book	January 2020
A review of cyber security risk assessment methods for SCADA systems Cherdantseva, Yulia; Burnap, Pete; Blyth, Andrew Computers & Security, Vol. 56 https://doi.org/10.1016/j.cose.2015.09.009	journal	February 2016
Hazard and operability (HAZOP) analysis. A literature review Dunjó, Jordi; Fthenakis, Vasilis; Vílchez, Juan A. Journal of Hazardous Materials, Vol. 173, Issue 1-3 https://doi.org/10.1016/j.jhazmat.2009.08.076	journal	January 2010
Cyber Security Risk Evaluation of a Nuclear I&C Using BN and ET Shin, Jinsoo; Son, Hanseong; Heo, Gyunyoung Nuclear Engineering and Technology, Vol. 49, Issue 3 https://doi.org/10.1016/j.net.2016.11.004	journal	April 2017
An autonomous control framework for advanced reactors Wood, Richard T.; Upadhyaya, Belle R.; Floyd, Dan C. Nuclear Engineering and Technology, Vol. 49, Issue 5 https://doi.org/10.1016/j.net.2017.07.001	journal	August 2017
Survey of cyber risk analysis techniques for use in the nuclear industry Eggers, Shannon; Le Blanc, Katya Progress in Nuclear Energy, Vol. 140 https://doi.org/10.1016/j.pnucene.2021.103908	journal	October 2021
Assessment of attack likelihood to support security risk assessment studies for chemical facilities Landucci, Gabriele; Argenti, Francesca; Cozzani, Valerio Process Safety and Environmental Protection, Vol. 110 https://doi.org/10.1016/j.psep.2017.06.019	journal	August 2017
Development of a cyber security risk model using Bayesian networks Shin, Jinsoo; Son, Hanseong; Khalil ur, Rahman Reliability Engineering & System Safety, Vol. 134 https://doi.org/10.1016/j.ress.2014.10.006	journal	February 2015
The future of risk assessment Zio, E. Reliability Engineering & System Safety, Vol. 177 https://doi.org/10.1016/j.ress.2018.04.020	journal	September 2018
Bayesian Stochastic Petri Nets (BSPN) - A new modelling tool for dynamic safety and reliability analysis Taleb-Berrouane, Mohammed; Khan, Faisal; Amyotte, Paul Reliability Engineering & System Safety, Vol. 193 https://doi.org/10.1016/j.ress.2019.106587	journal	January 2020
Finite-horizon semi-Markov game for time-sensitive attack response and probabilistic risk assessment in nuclear power plants Zhao, Yunfei; Huang, Linan; Smidts, Carol Reliability Engineering & System Safety, Vol. 201 https://doi.org/10.1016/j.ress.2020.106878	journal	September 2020
Cyber Security Risk Management in the SCADA Critical Infrastructure Environment Henrie, Morgan Engineering Management Journal, Vol. 25, Issue 2 https://doi.org/10.1080/10429247.2013.11431973	journal	June 2013
Cybersecurity and cyber terrorism - in energy sector – a review Venkatachary, Sampath Kumar; Prasad, Jagdish; Samikannu, Ravi Journal of Cyber Security Technology, Vol. 2, Issue 3-4 https://doi.org/10.1080/23742917.2018.1518057	journal	October 2018
Advanced Techniques for Modeling Terrorism Risk Major, John A. The Journal of Risk Finance, Vol. 4, Issue 1 https://doi.org/10.1108/eb022950	journal	April 2002
A Model-Data Integrated Cyber Security Risk Assessment Method for Industrial Control Systems Peng, Yuan; Huang, Kaixing; Tu, Weixun 2018 IEEE 7th Data Driven Control and Learning Systems Conference (DDCLS) https://doi.org/10.1109/DDCLS.2018.8516022	conference	May 2018
Quantitative Cyber Risk Reduction Estimation Methodology for a Small SCADA Control System McQueen, M. A.; Boyer, W. F.; Flynn, M. A. Proceedings of the 39th Annual Hawaii International Conference on System Sciences (HICSS'06) https://doi.org/10.1109/HICSS.2006.405	conference	January 2006
Modeling safety and security interdependencies with BDMP (Boolean logic Driven Markov Processes) Pietre-Cambacedes, Ludovic; Bouissou, Marc 2010 IEEE International Conference on Systems, Man and Cybernetics https://doi.org/10.1109/ICSMC.2010.5641922	conference	October 2010
Stuxnet: Dissecting a Cyberwarfare Weapon Langner, Ralph IEEE Security & Privacy Magazine, Vol. 9, Issue 3 https://doi.org/10.1109/MSP.2011.67	journal	May 2011
A Fuzzy Probability Bayesian Network Approach for Dynamic Cybersecurity Risk Assessment in Industrial Control Systems Zhang, Qi; Zhou, Chunjie; Tian, Yu-Chu IEEE Transactions on Industrial Informatics, Vol. 14, Issue 6 https://doi.org/10.1109/TII.2017.2768998	journal	June 2018
Multilayer Data-Driven Cyber-Attack Detection System for Industrial Control Systems Based on Network, System, and Process Data Zhang, Fan; Kodituwakku, Hansaka Angel Dias Edirisinghe; Hines, J. Wesley IEEE Transactions on Industrial Informatics, Vol. 15, Issue 7 https://doi.org/10.1109/TII.2019.2891261	journal	July 2019
Multimodel-Based Incident Prediction and Risk Assessment in Dynamic Cybersecurity Protection for Industrial Control Systems Zhang, Qi; Zhou, Chunjie; Xiong, Naixue IEEE Transactions on Systems, Man, and Cybernetics: Systems, Vol. 46, Issue 10 https://doi.org/10.1109/TSMC.2015.2503399	journal	October 2016
A Risk-Based Dynamic Decision-Making Approach for Cybersecurity Protection in Industrial Control Systems Qin, Yuanqing; Zhang, Qi; Zhou, Chunjie IEEE Transactions on Systems, Man, and Cybernetics: Systems, Vol. 50, Issue 10 https://doi.org/10.1109/TSMC.2018.2861715	journal	October 2020
On The Quantitative Definition of Risk Kaplan, Stanley; Garrick, B. John Risk Analysis, Vol. 1, Issue 1 https://doi.org/10.1111/j.1539-6924.1981.tb01350.x	journal	March 1981
A Comprehensive Network Security Risk Model for Process Control Networks Henry, Matthew H.; Haimes, Yacov Y. Risk Analysis, Vol. 29, Issue 2 https://doi.org/10.1111/j.1539-6924.2008.01151.x	journal	February 2009
Probabilistic Risk Analysis and Terrorism Risk Ezell, Barry Charles; Bennett, Steven P.; von Winterfeldt, Detlof Risk Analysis, Vol. 30, Issue 4 https://doi.org/10.1111/j.1539-6924.2010.01401.x	journal	April 2010
HAZID, A Computer Aid for Hazard Identification McCoy, S. A.; Wakeman, S. J.; Larkin, F. D. Process Safety and Environmental Protection, Vol. 77, Issue 6 https://doi.org/10.1205/095758299530242	journal	November 1999
Introduction of a Cyber Security Risk Analysis and Assessment System for Digital I&C Systems in Nuclear Power Plants Lee, Cheol-Kwon IFAC Proceedings Volumes, Vol. 46, Issue 9 https://doi.org/10.3182/20130619-3-RU-3018.00311	journal	January 2013
An Integrated Cyber Security Risk Management Approach for a Cyber-Physical System Kure, Halima; Islam, Shareeful; Razzaque, Mohammad Applied Sciences, Vol. 8, Issue 6 https://doi.org/10.3390/app8060898	journal	May 2018
A Cyber Security risk Assessment for the Design of i&c Systems in Nuclear Power Plants Song, Jae-Gu; Lee, Jung-Woon; Lee, Cheol-Kwon Nuclear Engineering and Technology, Vol. 44, Issue 8 https://doi.org/10.5516/NET.04.2011.065	journal	December 2012
An Analysis of Technical Security Control Requirements for Digital i&c Systems in Nuclear Power Plants Song, Jae-Gu; Lee, Jung-Woon; Park, Gee-Yong Nuclear Engineering and Technology, Vol. 45, Issue 5 https://doi.org/10.5516/NET.04.2012.091	journal	October 2013

Similar Records

Cyber-CHAMP White Paper

Technical Report · Tue Feb 28 23:00:00 EST 2023 · OSTI ID:1975276

Identification of Significant NPP Cyber-Attack Scenarios based on Risk Information

Journal Article · Fri Jul 01 00:00:00 EDT 2016 · Transactions of the American Nuclear Society · OSTI ID:23042720

Cyber Risk Considerations for Nuclear Digital I&C Systems

Book · Thu Jan 18 23:00:00 EST 2024 · OSTI ID:2335472

Related Subjects

21 SPECIFIC NUCLEAR REACTORS AND ASSOCIATED PLANTS
Bayesian network
cybersecurity
digital instrumentation and control
nuclear power plants
risk assessment

Overview and Recommendations for Cyber Risk Assessment in Nuclear Power Plants

Citation Formats

References (30)

Similar Records

Related Subjects