Cyber Security Modeling of Non-Critical Nuclear Power Plant Digital Instrumentation

  • Trevor MacLean
  • Robert Borrelli
  • Michael Haney
Conference paper
Part of the IFIP Advances in Information and Communication Technology book series (IFIPAICT, volume 570)


This chapter examines potential attack vectors that exist in a nuclear power plant and correlates the likelihood of an attack from each vector. The focus is on the boron monitoring system, which directly affects the reactivity in the core; cyber attacks on this system can lead to increased core wear, unsafe reactivity levels and poor power performance. A mockup model is developed using open-source software and hardware, which is tested to evaluate the potential of cyber attacks. A man-in-the-middle attack is implemented to demonstrate a cyber attack and its potential effects. Additionally, a redundancy-based cyber attack mitigation method is implemented using a hardware device that compares the input/output values of multiple programmable logic controllers. The approach for modeling general attack and defense steps is applicable to industrial control systems in the energy sector.


Keywords: Nuclear power plants, digital instrumentation and control, security





Copyright information

© IFIP International Federation for Information Processing 2019

Authors and Affiliations

  • Trevor MacLean (1)
  • Robert Borrelli (1)
  • Michael Haney (1)
  1. University of Idaho, Idaho Falls, Idaho, USA
