Publications / Conference Poster

Risk informed cyber security for nuclear power plants

Turner, Phillip L.; Wheeler, Timothy A.; Gibson, Matt

Nuclear power plants are increasingly adding digital components for plant operation, safety, and security. These digital components fill a gap with legacy equipment where replacement components no longer exist. They also benefit operation of the plant by increasing efficiency in power generation, improving monitoring of equipment and plant parameters, and aiding operator control. However, the addition of digital components and systems also adds cyber risks: previously unanalyzed failure modes and attack vectors are introduced with these new systems. These risks are difficult to identify, analyze, and mitigate due to the increasingly complex nature of the digital components and the integration of these components with additional plant processes and communication networks. The research presented in this paper develops a new method that addresses the cyber risk to inform appropriate levels of protection. EPRI and Sandia are working under a Cooperative Research and Development Agreement to develop an effective method of evaluating the cyber risk in production nuclear power facilities. The Cyber Hazards Analysis Risk Methodology (CHARM) focuses on ensuring adequate controls are in place for appropriate cyber protection of the plant from radiological release or generation risk. Existing plant hazards analyses (e.g., PRA, FTA) do not account for software deficiencies or adversarial intent. This method leverages existing plant analyses and MIT’s Systems Theoretic Process Analysis (STPA) to create cyber-informed fault trees. These new fault trees will provide the basis for comprehensive cyber risk analysis and help ensure potential gaps in cyber security controls are identified and corrected.