Cyber Security Modeling of Non-Critical Nuclear Power Plant Digital Instrumentation

MacLean, Trevor; Borrelli, Robert; Haney, Michael

doi:10.1007/978-3-030-34647-8_5

Trevor MacLean¹⁷,
Robert Borrelli¹⁷ &
Michael Haney¹⁷

Part of the book series: IFIP Advances in Information and Communication Technology ((IFIPAICT,volume 570))

Included in the following conference series:

International Conference on Critical Infrastructure Protection

640 Accesses

Abstract

This chapter examines potential attack vectors that exist in a nuclear power plant and correlates the likelihood of an attack from each vector. The focus is on the boron monitoring system, which directly affects the reactivity in the core; cyber attacks on this system can lead to increased core wear, unsafe reactivity levels and poor power performance. A mockup model is developed using open-source software and hardware, which is tested to evaluate the potential of cyber attacks. A man-in-the-middle attack is implemented to demonstrate a cyber attack and its potential effects. Additionally, a redundancy-based cyber attack mitigation method is implemented using a hardware device that compares the input/output values of multiple programmable logic controllers. The approach for modeling general attack and defense steps is applicable to industrial control systems in the energy sector.

Download to read the full chapter text

Chapter PDF

An analytical method for developing appropriate protection profiles of Instrumentation & Control System for nuclear power plants

Article 13 April 2017

Cyber-Physical Security

The Software Security Analysis for Digital Instrumentation and Control Systems of NPPs

Keywords

References

A. Abbasi, M. Hashemi, E. Zambon and S. Etalle, Stealth low-level manipulation of programmable logic controller I/O by pin control exploitation, in Critical Information Infrastructures Security, G. Havarneanu, R. Setola, H. Nassopoulos and S. Wolthusen (Eds.), Springer, Cham, Switzerland, pp. 1–12, 2017.
Google Scholar
T. Alves, OpenPLC (www.openplcproject.com), 2019.
T. Alves and T. Morris, OpenPLC: An IEC 61131-3 compliant open source industrial controller for cyber security research, Computers and Security, vol. 78, pp. 364–379, 2018.
Google Scholar
J. Dederer, W. Brown and F. Vereb, Alternate Passive Spent Fuel Pool Cooling Systems and Methods, U.S. Patent No. 9646726 B2, May 9, 2017.
Google Scholar
M. Denzel, M. Ryan and E. Ritter, A malware-tolerant, self-healing industrial control system framework, in ICT Systems Security and Privacy Protection, S. De Capitani di Vimercati and F. Martinelli (Eds.), Springer, Cham, Switzerland, pp. 46–60, 2017.
Google Scholar
S. East, J. Butts, M. Papa and S. Shenoi, A taxonomy of attacks on the DNP3 protocol, in Critical Infrastructure Protection III, C. Palmer and S. Shenoi (Eds.), Springer, Berlin Heidelberg, Germany, pp. 67–81, 2009.
Google Scholar
M. Elakrat and J. Jung, Development of a field programmable gate array based encryption module to mitigate man-in-the-middle attacks on nuclear power plant data communication networks, Nuclear Engineering and Technology, vol. 50(5), pp. 780–787, 2018.
Google Scholar
E. Gergely, D. Spoiala, V. Spoiala, H. Silaghi and Z. Nagy, Design framework for risk mitigation in industrial PLC control, Proceedings of the IEEE International Conference on Automation, Quality and Testing, Robotics, pp. 198–202, 2008.
Google Scholar
P. Huitsing, R. Chandia, M. Papa and S. Shenoi, Attack taxonomies for the Modbus protocols, International Journal of Critical Infrastructure Protection, vol. 1, pp. 37–44, 2008.
Google Scholar
Joint Task Force Transformation Initiative, Guide for Conducting Risk Assessments, NIST Special Publication 800-30, Revision 1, National Institute of Standards and Technology, Gaithersburg, Maryland, 2012.
Google Scholar
D. Kim, Cyber security issues imposed on nuclear power plants, Annals of Nuclear Energy, vol. 65, pp. 141–143, 2014.
Google Scholar
C. Poresky, C. Andreades, J. Kendrick and P. Peterson, Cyber Security in Nuclear Power Plants: Insights for Advanced Nuclear Technologies, Technical Report UCBTH-17-004, Department of Nuclear Engineering, University of California, Berkeley, Berkeley, California, 2017.
Google Scholar
ScadaBR Project Team, ScadaBR (sourceforge.net/p/scadabr/wiki/Home), 2019.
Google Scholar
J. Song, J. Lee, C. Lee, K. Kwon and D. Lee, A cyber security risk assessment for the design of I&C systems in nuclear power plants, Nuclear Engineering and Technology, vol. 44(8), pp. 919–928, 2012.
Google Scholar

Download references

Author information

Authors and Affiliations

Univerisity of Idaho, Idaho Falls, Idaho, USA
Trevor MacLean, Robert Borrelli & Michael Haney

Authors

Trevor MacLean
View author publications
You can also search for this author in PubMed Google Scholar
Robert Borrelli
View author publications
You can also search for this author in PubMed Google Scholar
Michael Haney
View author publications
You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Michael Haney .

Editor information

Editors and Affiliations

Tandy School of Computer Science, University of Tulsa, Tulsa, OK, USA
Jason Staggs
Tandy School of Computer Science, University of Tulsa, Tulsa, OK, USA
Sujeet Shenoi

Rights and permissions

Reprints and permissions

Copyright information

About this paper

Cite this paper

MacLean, T., Borrelli, R., Haney, M. (2019). Cyber Security Modeling of Non-Critical Nuclear Power Plant Digital Instrumentation. In: Staggs, J., Shenoi, S. (eds) Critical Infrastructure Protection XIII. ICCIP 2019. IFIP Advances in Information and Communication Technology, vol 570. Springer, Cham. https://doi.org/10.1007/978-3-030-34647-8_5

Download citation

DOI: https://doi.org/10.1007/978-3-030-34647-8_5
Published: 19 November 2019
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-34646-1
Online ISBN: 978-3-030-34647-8
eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Societies and partnerships

The International Federation for Information Processing (opens in a new tab)