
    Model-Based Cyber-Security Framework for Nuclear Power Plant

    A model-based cyber-security framework has been developed to address the new challenges of cyber threats due to the increasing implementation of digital components in the instrumentation and control (I&C) system of modern nuclear power plants. The framework is developed to detect intrusions to pressurized water reactor (PWR) systems that could result in unnecessary reactor shutdown events due to out-of-range water levels of steam generators. The generation of potential attack scenarios demonstrated a process for identifying the most susceptible attack pathways and components in the I&C system. It starts with identifying two key I&C divisions of the modern AP1000 design related to the reactor trip functions, protection and safety monitoring system, and plant control system. The attack tree analysis is performed on the steam generator (SG) water level control system using the SAPHIRE 8.0.9 code. To quantify the system susceptibility to cyber-attack events, causing reactor trips, we propose sensitivity metrics to identify the low-order sets of components that may be compromised and the degree of perturbations needed for each component. The multi-path event tree (MPET) structures are developed to efficiently and intuitively display a large number of dominant or risk-significant attack scenarios instead of the traditional event trees representing minimal cut sets. A reduced order model (ROM) has been developed to efficiently represent the SG dynamics and facilitate the detection of potential cyber-attacks. The dynamic ROM is built on the energy balance equation for a single vertical boiling channel approximating a U-tube steam generator. The ROM provides an essential relationship connecting the reactor power, water level, and feedwater flow rate. An application programming interface (API) for the I&C systems serving as the interface between the RELAP5 system code and the ROM has been developed. 
A Kalman filtering based detection method has been proposed, providing optimal tracking of SG water level combining the uncertain simulation results with the observation data subject to statistical fluctuations. An observed plant state with significant deviation from the optimal system projection could then indicate potential intrusions into the system. Finally, a mitigation strategy considering the controller feedback is proposed to avoid the reactor trip due to attack on SG water level sensors. The worst-case attack within this issue space is defined, and the maximum delay time allowed for the mitigation is obtained. PHD. Nuclear Engineering & Radiological Sciences. University of Michigan, Horace H. Rackham School of Graduate Studies. http://deepblue.lib.umich.edu/bitstream/2027.42/162955/1/gjunjie_1.pd

    Diagnostics Using Nuclear Plant Cyber Attack Analysis Toolkit

    A Python interface is developed for the GPWR Simulator to automatically simulate cyber-spoofing of different steam generator parameters and plant operation. Specifically, steam generator water level, feedwater flowrate, steam flowrate, valve position, and steam generator controller parameters, including controller gain and time constant, can be directly attacked using command inject, denial of service, and man-in-the-middle type attacks. Plant operation can be initialized to any of the initial conditions provided by the GPWR simulator. Several different diagnostics algorithms have been implemented for anomaly detection, including physics-based diagnostics with Kalman filtering, data-driven diagnostics, noise profiling, and online sensor validation. Industry-standard safety analysis code RELAP5 is also available as a part of the toolkit. Diagnostics algorithms are analyzed based on accuracy and efficiency. Our observations indicate that physics-based diagnostics with Kalman filtering are the most robust. An experimental quantum kernel has been added to the framework for preliminary testing. Our first impressions suggest that while quantum kernels can be accurate, just like any other kernels, their applicability is problem/data dependent, and can be prone to overfitting. Comment: Paper has been submitted to ANS for review

    A Social Dimensional Cyber Threat Model with Formal Concept Analysis and Fact-Proposition Inference

    Cyberspace has increasingly become a medium to express outrage, conduct protests, take revenge, spread opinions, and stir up issues. Many cyber attacks can be linked to current and historic events in the social, political, economic, and cultural (SPEC) dimensions of human conflicts in the physical world. These SPEC factors are often the root cause of many cyber attacks. Understanding the relationships between past and current SPEC events and cyber attacks can help understand and better prepare people for impending cyber attacks. The focus of this paper is to analyze these attacks in social dimensions and build a threat model based on past and current social events. A reasoning technique based on a novel combination of Formal Concept Analysis (FCA) and hierarchical fact-proposition space (FPS) inference is applied to build the model

    Model-Based Cyber Security


    A model-based validated autonomic approach to self-protect computing systems

    This paper introduces an autonomic model-based cyber security management approach for the Internet of Things (IoT) ecosystems. The approach aims at realizing a self-protecting system, which has the ability to autonomously estimate, detect, and react to cyber attacks at an early stage. Our approach integrates various model-based techniques including: 1) real-time estimation and baseline security controls to predict and eliminate potential cyber attacks; 2) data analysis to identify and classify attacks; and 3) a multicriteria optimization method to select the optimal active response for deploying countermeasures while maintaining system functions. The prototype framework has been developed with a master controller virtual machine, which can be configured for various platforms. Experimental results demonstrated the effectiveness of this proposed approach in protecting a Web-based application against known and unknown attacks with little or no human intervention. Qatar National Research Fund under Grant NPRP 09-778-2-299. Scopu