With the increasing application of digital technologies in I&C systems, traditional protection strategy that depends on physical isolation is not enough. The I&C system is a type of cyber physical system, so it faces cyber security problems. Difficulties of cyber security in I&C systems are in three aspects. First, because I&C systems connect with process devices, cyber security of I&C systems...
The quantity and capability of cyber-attacks targeting Industrial Control System (ICSs) is growing rapidly. The integration of digital technology and communication channels in Nuclear Power Plants (NPPs) introduces vulnerabilities to cyber-attacks that may threaten the safety and operation of nuclear power facilities. Current efforts in developing and deploying cybersecurity...
One challenge of the risk management process for cyber security within nuclear facilities is understanding how to create scenarios to test deployed security controls that are representative of how threat actors operate. The challenge to creating these scenarios is centered on three issues. First, the complexity of systems and components (assets) at nuclear facilities makes for an expansive...
This work presents the development of a nuclear power plant (NPP) simulator suitable for cyber security assessment. The NPP model is based on a pressurized water reactor (PWR) implemented using Matlab/Simulink. The Matlab/Simulink model, the Asherah NPP Simulator (ANS), simulates nuclear processes and controller’s system dynamics. ANS has been developed by the University of Sao Paulo, Brazil,...
Cyber security has been object of study since the beginning of the digital era. However, until the 2010 Stuxnet case in the Iran's enrichment facility at Natanz, most of world’s cyber security concerns were directed to the theft of sensitivity information. Due to its specially designed attributes, Stuxnet is considered the first “weapons grade computer virus” [1] [2] [3].
After the Natanz...
Nuclear power plants are complex systems with critical controls and measures implemented by computers and dedicated programmable logic controllers. These end devices are grouped into different security levels and zones and are connected by computer networks forming a complex trust relationship between the entities. The boundaries of the zones are separated by specialized security systems, e.g....
