American Nuclear Society
Home

Home / Publications / Journals / Nuclear Technology / Volume 209 / Number 3

Overview and Recommendations for Cyber Risk Assessment in Nuclear Power Plants

Fan Zhang, Kevin Kelly

Nuclear Technology / Volume 209 / Number 3 / March 2023 / Pages 488-502

Technical Paper—Instrumentation and Controls / dx.doi.org/10.1080/00295450.2022.2092356

Received:December 14, 2021
Accepted:June 8, 2022
Published:February 6, 2023

Digital instrumentation and control (I&C) systems are being deployed in nuclear power plants (NPPs) for both existing and advanced reactor designs. As I&C systems become more digitized to allow features like near autonomous control and remote operation, they introduce greater cyber risk to NPPs. Cyberattacks targeting industrial control systems (ICSs) are growing in both qualities and capabilities, which indicates that cybersecurity needs to be an integral part of risk assessment in the industry. Although there are some risk assessment methods in traditional information technology (IT) cybersecurity, the differences between IT and ICS cybersecurity make it infeasible to apply these risk assessment methods directly to ICSs. Some research has focused on risk assessment methods for ICSs, but few studies focus on applications to NPPs. Ideal risk frameworks for the nuclear industry are dynamic and account for system dependencies; this survey review focuses on such risk assessment methods both in and outside the nuclear field. The major challenges in cybersecurity risk assessment research are pointed out, and further research suggestions and considerations for cyber risk assessment in I&C systems are identified.