Defensive Cybersecurity Architecture Design Using Force-on-Force Cyber-Physical Modeling

Currently, nuclear power plant physical security systems are highly dependent on air-gaps as a protective measure against cyber-threats. Cyber-physical threats become more likely as advanced cyber-threat capabilities to jump air-gaps transition into common use. Defending against the emerging threat of cyber-enabled physical intrusions is poorly understood. The consequence of these cyber-physical attacks has no quantitative analysis method to inform risk-informed, performance-based cybersecurity approaches. By modifying the physical security simulation tool Dante, cyber-physical threat consequence was able to be analyzed on a notional facility. The results of this analysis are used to design a Defensive Cybersecurity Architecture (DCSA) for the physical security system to produce example resilience measures for this notional facility. A DCSA defines security levels to provide a graded approach for defending plant functions, and security zones for trusted communication between systems. This approach can be applied to real world systems to produce physical protection systems and response measures that are resilient to cyber-physical threats.