A Monte Carlo-based exploration framework for identifying components vulnerable to cyber threats in nuclear power plants

With the extensive use of digital Instrumentation and Control (I&C) systems, Nuclear Power Plants (NPPs) are becoming Cyber-Physical Systems (CPSs). Their integrity can, then, be compromised also by security breaches (such as cyber attacks). Multiple failure modes (such as bias, drift and freezing) can occur, both due to random failures or induced by malicious external attacks. In this paper, we illustrate an exploration approach that, based on safety margins estimation, allows identifying the most vulnerable components to malicious external attacks. For demonstration, we apply the approach to the Advanced Lead-cooled Fast Reactor European Demonstrator (ALFRED). Its object-oriented model is embedded within a Monte Carlo (MC)-driven engine that injects different types of cyber attacks at random times and magnitudes. Safety margins are, then, calculated and used for identifying the most vulnerable CPS components. This allows selecting protections to make ALFRED resilient towards maliciously induced failures.