SBIR/STTR Award attributes
With the expectation of global nuclear energy to continue growth for the next several decades, the threat of cyber attacks will follow due to the increasing importance of the energy sector, emerging technologies and the continuously evolving capabilities of potential adversaries. Current accepted approaches for managing cyber risks focus on preventing access to critical systems by using tools such as firewalls, antivirus programs, unidirectional gateways and employing air gaps. The significance of the problem, and the subsequent opportunity, lies at the intersection of not only understanding the threat posed by cyber attacks but the associated impacts of those attacks, specifically as it pertains to the unique nature of nuclear power plant operations and implementation through current regulations. To address the unique issues facing cybersecurity for nuclear power plants and support the assurance necessary to satisfy regulations, e.g., 10 CFR 73.1, 73.54, etc., cybersecurity for nuclear power plant operations must be considered from both the component and data perspectives. Therefore, the necessary assurance that licensees provide to satisfy 10 CFR 73.54 can be readily augmented by incorporating cyber resiliency to potentially go beyond 10 CFR 73.1 with a predictive understanding of cyber attack impacts to promote safe, effective nuclear power plant operations, even in the event of a cyber attack. As a result, the ability to mitigate damage (systems, processes, etc.) and maintain operations once systems or data have been compromised, i.e., cyber resilience and reliability, must become an operational imperative for critical infrastructure. Our proposed ThreatHelm solution provides nuclear energy system designers, operators, and researchers with a cyber resiliency analysis capability to identify and model the characteristics of a nuclear power plant Instrumentation and Control (I&C) system under cyber-attack and identify associated cyber risk impacts. ThreatHelm provides a predictive capability for impacts to nuclear power plant operations due to cyber attacks, promoting cyber resilient nuclear power plants and operations. This cyber resiliency insight can then be used to impact and support the secure design for the existing reactor fleet and future control systems for advanced reactors. The goal of Phase I is to develop, integrate and demonstrate our cyber resiliency analysis solution, ThreatHelm. In support of this goal we will complete the following Technical Objectives: 1) Map ThreatHelm operational Notional Small Modular Reactor (NSMR) model within 75% accuracy of actual small nuclear reactor (SMR), 2) Baseline cyber attacks against NSMR which achieve greater than 60% operations degradation, 3) Reduce cost of data validation and internal risk mitigation by 60% and 4) Verify Response Trees which provide the best success path to maintain nuclear power plant operations resulting in mitigation of cyber attacks and achieve within 10% of nominal operations. Achieving these technical objectives results in an initial design and demonstration of the concept to prove feasibility in Phase I. A successful Phase I provides the basis to extend the concept and develop a ThreatHelm prototype in Phase II that can be deployed within designated SMR environments in Phase III for assessment purposes. The commercial applications for this effort include manufacturers of small modular reactors. The technical benefits include providing a tool to support secure reactor designs, updates, and maintenance of current reactor fleet to foster greater cyber resiliency and mitigate cyber attacks more effectively, promoting continued, safe operations of the current and improvements to the reactor fleet. Additionally, ThreatHelm will support nuclear power plant designers, operators, and researchers and facilitate the secure design of future control systems for the existing fleet and advanced reactors. The resulting product is the ThreatHelm tool comprised of mission thread analysis, data integrity, and visualization technologies that ingests cyber threat and nuclear power plant information and outputs validated Response Trees to provide a “best path” to maintain nuclear power plant operations in the event of a cyber attack.
