Publications

Publications / Conference Poster

Nuclear power plant instrumentation and control cyber security common vector access leading to relational common cause failures

Turner, Phillip L.; McCrory, Fredrick M.; Dawson, Lon A.

Nuclear power plants and facilities have been implementing digital system upgrades into their previously analog systems for well over twenty years. New nuclear facilities’ control, security, and emergency preparedness systems are almost exclusively built on digital architectures with a high degree of communication between the various systems that are often integrated together into a central control station to aid in operation or security of the facility. As digital systems become more widespread in nuclear facility control system architectures, cyber security related issues have become a significant concern to operators, regulators, governments, and other groups. Among the many concerns related to digital systems and cyber security is the area of common cause and common mode failures. This paper introduces, defines, and discusses some sources of common cause failure from a cyber security perspective: common vector access. This refers to specific access points that an adversary can exploit through a single attack sequence that have the potential to provide relational failures through common cause on multiple components, subsystems, systems, or plants. This paper will further discuss interconnected processes where these access points may exist, the importance of limiting or controlling these pinch points, and some methods of protecting common vector access points.