Application of Probabilistic Risk Assessment to Cyber Security of a Nuclear Power Plant

Abstract

In the last couple of decades, analog instrumentation and control (I&C) systems have been replaced by digital I&C systems in a nuclear power plant (NPP). However, cyber-attack on overall industry including NPPs, has emerged as one of new dangerous threats to digital systems. Once an accident including a cyber-attack occurs in an NPP, the consequences could be significant. Thus, development of cyber security for protecting critical digital assets (CDAs) in an NPP is necessary. However, it is hard to protect all CDAs because that there are too many CDAs in an NPP. To develop more efficient risk-informed cyber security strategies, probabilistic risk assessment (PRA) which is one of the popular methods to assess the risk of an NPP, is used. To assess the risk of cyber-attacks on an NPP, basic events categorization and importance analysis was performed. Also, new risk metrics for assessing the risk of cyber-attack is proposed. In this work, the risk of cyber-attack was assessed using PSA method and model of the NPP to identify risk significant CDAs. It could be applied to develop risk-informed cyber security strategies or to regulate PSA model for important and feasible cyber-attack scenarios.