Robust localized cyber-attack detection for key equipment in nuclear power plants

Published in: Progress in nuclear energy (New series) 2020-10, Vol.128, p.103446, Article 103446
Main Authors: Zhang, Fan; Coble, Jamie B.
Format: Article
Language: English
Description
Summary: Most nuclear power plants (NPPs) are looking to deploy digital instrumentation and control (I&C) systems, which allow for more precise control and more economical operation. However, both the quantity and capability of industrial control system (ICS)-targeted cyber-attacks have grown dramatically over recent years. Therefore, one of the most significant challenges that digital I&C systems bring is the issue of cybersecurity, which should be enhanced before their deployment. Several different types of cyber-attacks can be introduced to NPPs; a false data injection attack on key equipment is the focus of this research due to the potentially severe consequences associated with such an attack. In false data injection, the attackers may alter the reading of control sensors or commands to change the operation of an NPP. Current cybersecurity efforts focus on intrusion prevention by firewalls or data-flow direction control and use commercial intrusion detection systems, which usually focus on monitoring Internet Protocol (IP) addresses, ports, and payload length. However, attention should be given to conditions where these approaches can fail, such as an insider attack. Previous research based on process data shows the potential of a last line of defense using online monitoring of the process data in concert with cyber data analysis. However, existing models involve different subsystems across the whole NPP, which has a wide attack surface and may require high computing cost. This holistic approach may not meet the time-sensitive requirements imposed upon I&C systems. This paper proposes a localized kit for key equipment in a process as a complementary detection method to improve the robustness of key equipment under cyber-attacks. Compared to existing models, this reduces the number of variables used in the model and significantly improves the computational speed. It also reduces the attack surface by limiting the data acquisition locally.
This localized kit includes a cyber-attack detection model to detect anomalies within key components, such as the control system actuator, and an inference model to potentially reconstruct a compromised signal to allow a safe shutdown. To develop and demonstrate the localized cybersecurity kit, a hardware-in-the-loop (HIL) testbed was built with a pressurized water reactor (PWR) simulator and a programmable logic controller (PLC). The PLC was programmed to control the steam generator (SG) water level at a specified set point
ISSN: 0149-1970, 1878-4224
DOI: 10.1016/j.pnucene.2020.103446