IAEA Coordinated Research Projects (CRP)
Robustness of Digital Instrumentation and Control (I&C) Systems in Nuclear Power Plants Against Malicious Acts
Cybersecurity is currently the object of much attention, in large part due to the pervasiveness and critical roles of digital systems in modern societies. Similarly, digital I&C systems and equipment play an increasing role in NPPs, either through initial design or through I&C modernizations and upgrades. Malicious attacks on these systems could have serious effects on plant safety, which in turn could lead to severe, unacceptable societal consequences. Also, particularly in countries where nuclear power represents a significant part of electricity production, the availability and performance of NPPs can be of vital economic and societal interest. In addition, vulnerability of NPP systems to malicious attacks could undermine the public acceptance of nuclear power.
Solutions good for IT systems are not always applicable to digital I&C systems in NPPs
Very significant efforts have already been devoted to the general issue of cybersecurity, resulting in various approaches, methods, techniques, standards, regulatory requirements and guidelines. However, these results were mainly developed for, and applied to, general Information Technology (IT) systems; they are not always directly applicable to NPP digital systems, and should not automatically be applied to them, especially to systems important to safety.
In particular, most of these NPP systems are, to various degrees, of importance to plant safety, availability and / or performance. Most of these systems are also real-time systems, the actions of which must be performed within strict time intervals. Examples of such actions are reactor trips, limitation actions, and alarms signalled to operators. Therefore, it is absolutely essential that cybersecurity measures do not risk preventing or delaying necessary actions. This is particularly true for actions that also involve human intervention, such as those of control-room or field operators. It is equally important that cybersecurity measures do not risk causing spurious or incorrect actions that could lead to plant trips, plant equipment damage, or worse, accident conditions.
Such risks could occur if cybersecurity measures introduce additional complexity into the system design to the point where verification and validation (V&V) is less effective and there is an increased potential for failure due to unnecessarily complex designs. For example, whereas encryption is a cybersecurity technique commonly used in IT systems, it is generally avoided in I&C systems.
Similarly, cybersecurity measures should not add significant complexity to, or lengthen, plant and I&C systems operation and maintenance activities, such as surveillance, diagnostics, repairing and recovery from failures.
NPP digital I&C systems have specific cybersecurity needs
Another reason why cybersecurity measures applicable to IT systems are not always appropriate to NPP digital systems is that NPP digital systems have distinct cybersecurity needs. In particular, most NPP systems put a lesser emphasis on information confidentiality (e.g. access to temperature and pressure data does not in itself lead to direct threats on the plant), and a higher emphasis on system and information integrity (e.g. prevention of unauthorised changes, preclusion of undetected modifications) and system availability.
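The two points above (encryption is generally avoided in I&C systems, and integrity matters more than confidentiality) can be demonstrated together: a telemetry frame can be left fully readable while still making any modification or replay detectable. The following is an added example, not code from the IAEA or the CRP; the frame layout, the field names and the demo key are assumptions chosen for illustration, and the sequence-counter replay check goes slightly beyond the page's text as a common way to preclude undetected re-injection of old readings.

```python
import hmac
import hashlib
import struct

# Constructed demo key for illustration only; a real system would obtain the
# key from the plant's key-management process, not from a source file.
DEMO_KEY = b"constructed-demo-key-not-for-use"

# Hypothetical frame layout: channel_id (u16) | seq (u32) | value (f64) | tag (32 B).
BODY_FMT = ">HId"
BODY_LEN = struct.calcsize(BODY_FMT)   # 14 bytes
TAG_LEN = hashlib.sha256().digest_size  # 32 bytes


def frame_reading(channel_id: int, seq: int, value: float, key: bytes = DEMO_KEY) -> bytes:
    """Build a plaintext reading with an appended HMAC-SHA256 tag.

    The reading itself is not encrypted: anyone on the bus can read it, which
    matches the page's point that plant data has low confidentiality needs.
    The tag makes any change to channel, sequence number or value detectable.
    """
    body = struct.pack(BODY_FMT, channel_id, seq, value)
    tag = hmac.new(key, body, hashlib.sha256).digest()
    return body + tag


def peek_value(frame: bytes) -> float:
    """Read the value without any key: confidentiality is deliberately absent."""
    _, _, value = struct.unpack(BODY_FMT, frame[:BODY_LEN])
    return value


def verify_frame(frame: bytes, last_seq: int, key: bytes = DEMO_KEY):
    """Check a received frame and return (accepted, reason, parsed_fields).

    Rejection reasons are explicit so that a receiver can log them; the
    constant-time comparison avoids leaking tag bytes through timing.
    """
    if len(frame) != BODY_LEN + TAG_LEN:
        return False, "bad-length", None
    body, tag = frame[:BODY_LEN], frame[BODY_LEN:]
    expected = hmac.new(key, body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return False, "bad-tag", None          # modified in transit
    channel_id, seq, value = struct.unpack(BODY_FMT, body)
    if seq <= last_seq:
        return False, "replay", None           # old but authentic frame re-sent
    return True, "ok", (channel_id, seq, value)


if __name__ == "__main__":
    good = frame_reading(7, 1, 293.15)          # constructed reading: channel 7, 293.15 K
    print("readable without key:", peek_value(good))
    print("genuine:", verify_frame(good, last_seq=0))

    tampered = bytearray(good)
    tampered[BODY_LEN - 1] ^= 0x01               # flip one bit inside the value field
    print("tampered:", verify_frame(bytes(tampered), last_seq=0))

    print("replayed:", verify_frame(good, last_seq=1))
```

The receiver's work is one HMAC over 14 bytes, so the check has a fixed, small cost that fits the strict timing budgets described above, whereas adding encryption would bring key distribution, padding and error-handling paths into the design without serving any need the page identifies.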
The overall objectives of the proposed CRP are to strengthen Member States' capabilities for optimization of nuclear power plant performance and service life by means of improved understanding of the related engineering and management areas of cyber security. This includes taking appropriate measures against malicious acts targeting the digital I&C systems of NPPs.
The results of this CRP are planned to be published in a Nuclear Energy Series document when the work of the CRP is completed. Due to the sensitive nature of the subject, the distribution of the report should be restricted. Constraints of confidentiality should also be placed on the development and execution of the CRP.
After completing the tasks under this CRP, recommendations to NPP utilities, regulatory bodies, and I&C vendors may be available. Gaps in various national and international standards, guidelines and good practice documents will be identified, to which participants can direct future research activities to improve the resistance of NPP digital I&C systems to malicious acts.
A list of examples of potential participating organizations is presented below:
NPP I&C vendors: Invensys, Areva, Radiy, Westinghouse/Toshiba, GE/Hitachi, Rolls-Royce, Alstom Power, Atos Origin, SNIIP, VNIIAES, Doosan, Mitsubishi, Siemens, AECL
Utilities: EDF, EPRI, OPG, Bruce Power, KHNP, Tepco, Oskarshamn, Ringhals, Forsmark, Paks
Regulatory bodies and their TSOs: IRSN, ISTec, KINS, STUK, VTT, NRC, HSE, FANR, SSM
Research organisations: KAERI, INL, SNL, ORNL
International organisations: WINS, EC-JRC, NEA
Please contact NENP Engineering Section - Contact Point if you have any questions.