6th Annual Industrial Control Cyber Security USA

Secure from what or whom? Fundamentally, control systems were not originally designed with security as a primary driving factor. What types of designs would be resilient to various classes of a cyber attack? How do you implement a robust security architecture without compromising the safety and reliability of the system?

• The next generation of US commercial nuclear power plants, now under construction, uses digital control systems to monitor plant conditions and control plant functions. Current fleet plants require cost-effective and secure digital systems to improve operational efficiency and save costs. There are significant benefits to digital control systems, but they come with potential vulnerabilities to cyber-attacks and/or digital failure. It is crucial that the next generation ICS are proven secure and credited for passively safe designs.
• The DOE-NE have stood up a cybersecurity research and development program to enable science-based methods and technologies necessary for cost-effective, cyber-secure digital instrumentation, control and communication in collaboration with nuclear energy stakeholders. This program is managed jointly by Sandia National Laboratories (SNL) and Idaho National Laboratories (INL).
• Part of this program is a research thrust called Secure Architectures to establish a science-based foundation to inform the fundamental architectural features, design requirements, and operational standards for nuclear facility digital systems. Activities currently in progress at SNL under this thrust include establishing a capability to perform empirical analysis to rank the security effectiveness of proposed enhancements and new control system designs.
• The use of high fidelity simulation enables the advancement and docketing of advanced reactor designs. The ability to run realistic tests to ensure the strength of the digital systems will advise the development of new procedures, training and design for upgrades to the existing fleet and advanced reactors and has the potential to inform the new regulatory requirements that will be created for future designs.
• Due to the complexity of digital control system, it is difficult if not impossible to fully inspect systems at installation, so our program also includes a Supply Chain Risk Management R&D thrust to deliver science-based tools, methodologies, and guidelines for cyber-resistant supply chains, procurement standards, and supplier validation.