Nuclear Facilities and Cyber Threats

Abstract

The exponential growth of digital technologies experienced in the last decades has shaped contemporary societies so thoroughly to earn the definition of digital revolution or third industrial revolution. Along with the penetration rate of digital technologies, concerns about systems' vulnerability and the disruptive potential of malicious attacks have rapidly risen among governments and industries as much as in the eye of public opinion. Such concerns are all the more motivated when referring to the nuclear power industry which, due to historical and safety reasons, appears to be more unprepared and vulnerable to cyber threats than its industrial counterparts. While the isolation of plants' control network from the public internet, generally referred as air-gap, has for long nurtured the belief of security of nuclear power plants, recent events (e.g. Stuxnet worm) have shown the inadequacy of this countermeasure. Moreover, the progressive shift from obsolete analogue industrial and control systems to digital solutions, and the growing capabilities of attackers, are exacerbating the urge for novel strategies able to overcome the inadequacy of traditional risk assessment techniques in addressing such threats. This study focuses on cyber security challenges peculiar to the nuclear industry and argues the need for novel tools and radically new approaches to assess and mitigate the vulnerability of nuclear facilities to cyber threats. In order to achieve a full understanding of common attack mechanisms, relevant cyber threats targeting the instrumentation and control system of a generic nuclear power plant have been modelled graphically using a Petri net approach.