Cyber security for nuclear facilities

Abstract

The digital revolution that began in the late twentieth century has transformed every facet of modern life and applications. The application of digital controls in the nuclear industry has led to an important change in the design of engineering systems and their management, operations, and maintenance. Digital controls bring superior performance, design flexibility, and lower costs. Every industry, including the energy sector, is undergoing a digital transformation to benefit from these advances. Nuclear facilities, especially nuclear power plants (NPPs), have been relatively slow to the adoption of digital transformation due to concerns about cyber threats. Analogue systems are significantly more isolated than digital ones; isolated systems limit points of entry and hence reduce the attack surface, although are still vulnerable to insider threats. Nuclear facilities involve operational technology, which poses its own unique security challenges that must be addressed before NPPs can deploy broad scale digitization. Despite such concerns, digital systems can increasingly be found in nuclear facilities as demand grows for increased productivity, predictability, reliability, and modernization of operations. The chapter addresses five key areas related to securing the digital assets at nuclear facilities: understanding the attack surface; graded protection and nuclear facility architectures; cyber threat actor capabilities against nuclear facilities; inclusion of cyber security in the risk management plan; and defensive operations and incident response.