Sandia LabNews

Sandia partners with other labs to bolster nuclear security


Exercise simulates dual attack on nuclear power plant

DUAL ATTACK — Sandia global security staff works with a team from a private Canadian nuclear power plant during a cyberattack exercise on May 17. The mock cyberattack was followed by a simulated physical intrusion. The exercise was the culmination of two-year project involving Sandia, Idaho National Laboratory and Canadian Nuclear Laboratories. (Photo by Craig Fritz)
DUAL ATTACK — Sandia global security staff works with a team from a private Canadian nuclear power plant during a cyberattack exercise on May 17. The mock cyberattack was followed by a simulated physical intrusion. The exercise was the culmination of two-year project involving Sandia, Idaho National Laboratory and Canadian Nuclear Laboratories. (Photo by Craig Fritz)

Sandia is collaborating with international partners to collect data to better protect nuclear sites from cyberattacks and physical intrusions. As part of the multiyear research project with Canadian Nuclear Laboratories, Sandia developed software to emulate a cyberattack on a site’s central alarm station during exercises, with the goal of improving overall security.

“Cyberattacks are becoming more frequent and more sophisticated. Nuclear facilities must now be prepared to address cyberthreats as well as more traditional threats to the physical security of a facility,” said Matthew Erdman, Sandia’s project lead for global security. “We’re developing a methodology and process to help facilities exercise their response capabilities and increase preparedness against all threats.” The blended attack exercise, which tested both cyber and physical security capabilities during one event, took place May 17 at Sandia New Mexico.

Developing software to test cybersecurity

One of the challenges in this project was figuring out how to carry out a mock cyberattack without it having real-life impacts to the site’s central alarm station. That’s where Andrew Hahn and Michael Rowland, cybersecurity experts at Sandia, came in. They developed the operating system and software platforms that can emulate a cyberattack without altering the central alarm system. “A cybersecurity exercise is one of the best ways to test a cyber program’s effectiveness, train staff and increase awareness,” Michael said. One platform developed is like an app that can be switched on during training to give symptoms of a cyberattack in a central alarm system. “The software is designed to have realistic effects without altering or compromising the operation of a site’s systems, allowing a site to measure its preparedness and response to a cyberattack,” Michael said.

Test time

About 100 people participated and observed as a private Canadian nuclear power plant’s cyber and physical security organizations were put to the test at the Nuclear Security Technology Complex. The complex is a mock nuclear reactor site at Sandia that’s used to train partners on how to keep nuclear sites secure. “We have this fantastic capability at the Nuclear Security Technology Complex that emulates what a real high-security nuclear site looks like. That allows us to create a scenario as close to the real world as possible,” Matthew said.

Observers gathered in a Sandia conference room to watch the exercise unfold from several live feeds, including one from the mock central alarm station. Employees from Idaho National Lab helped design the mock cyberattacks. The app worked, providing symptoms of a breach. The cybersecurity staff of the Canadian nuclear power plant had to respond to these symptoms and coordinate with the physical security staff.

Physical intrusion

DOUBLE THREAT — Armed with fake weapons, Sandia’s Protective Force played both the intruders and responders during a physical intrusion exercise with Canadian Nuclear Laboratories on May 17. The exercise demonstrated how a cyberattack can be a precursor to a physical attack. (Photo by Craig Fritz)
DOUBLE THREAT — Armed with fake weapons, Sandia’s Protective Force played both the intruders and responders during a physical intrusion exercise with Canadian Nuclear Laboratories on May 17. The exercise demonstrated how a cyberattack can be a precursor to a physical attack. (Photo by Craig Fritz)

The players in the exercise did not know beforehand when or where on the site the physical breach would take place. Two members of Sandia’s Protective Force stormed the Nuclear Security Technology Complex for the physical attack portion of the exercise. Another portion of Sandia’s Protective Force was on the responding side and was able to successfully stop the intruders. “This exercise was very successful. We’ve seen a great level of engagement from our Canadian partners, who were the players in this exercise,” said Sondra Spence from Sandia’s global security. “We’ve learned a lot of positive lessons along the way.”

Workers from the nuclear power plant will decide what changes to make to enhance security, based on what they learned during the exercise.

What’s next?

Sandia will be open-sourcing parts of the software it developed and is hoping to leverage external partners to minimize the costs of development. “One of our main goals is to develop the software platform to a point where we reduce the time and number of people it takes to perform one of these exercises,” Michael said. “This will allow more sites to be able to use this tool to enhance their site security and readiness.”

Matthew anticipates Sandia will host more blended exercises in the future. “This is a good example of how world-class laboratories are teaming up to create stronger security for nuclear sites worldwide,” he said.

Recent articles by Kenny Vigil