Digital Risk Analysis in Nuclear Engineering Projects: Designing for Safety, Performance, Reliability, and Security

Abstract

Cyber-informed engineering and security-by-design frameworks are important in promoting the need to identify cybersecurity concerns early in the systems engineering lifecycle so risks from adversarial cyber-attacks can be eliminated or reduced through engineering design practices. In addition to adversarial risk, risk in operational technology systems also includes non-adversarial and unintentional risk from other factors such as human performance errors, environmental conditions, design flaws, and device degradation or failure. This paper introduces a new concept for characterizing digital risk, both adversarial and non-adversarial, and provides the basis for initial research into a novel digital risk analysis approach focused on incorporating attack difficulty into a multi-attribute analysis technique using robust decision-making. This digital risk characterization is also used to frame a discussion on the challenges of competing objectives and competing stakeholder requirements in an integrated energy system project that incorporates a small modular reactor and industrial facility.