Development of cyber-attack complexity evaluation model for cyber security of nuclear power plants

Abstract

As adoption of digital technology in instrument and control (I&C) systems of nuclear power plants (NPPs), cyber-attacks have emerged as one of new dangerous threats. NPPs must be defended in any situation including cyber-attack scenarios because once cyber-attacks are success to effect digital I&Cs in NPPs that could have severe consequences. Therefore, it is necessary to develop cyber security against cyber-attacks considering specific characteristics of NPPs. To develop effective strategies for cyber security, the risk of a cyber-attack on an NPP should be evaluated quantitatively. The aim of this work is to estimate cyber-attack complexity considering specific characteristics of NPPs for developing effective cyber security. To estimate complexity of cyber-attacks, a complexity evaluation model for NPPs was developed based on Bayesian belief network (BBN). By using the developed model, relative complexities of cyber-attack scenarios can be evaluated quantitatively. It is expected that this method can be applied not only to provide quantitative evaluated information of cyber-attack complexities for assessing the risk of cyber-attacks on an NPP, but also to evaluate the effectiveness of developed defense strategies for cyber security quantitatively.