WEST LAFAYETTE, Ind., Aug. 4, 2017 — Cybersecurity for nuclear power plants is the focus of a new collaboration between government and academia, led by Purdue University’s Hany Abdel-Khalik.
The National Academy of Engineering has identified cybersecurity as one of the most complex issues engineering has ever faced. As engineering systems become more sophisticated, it gets harder to think about all the ways they can be compromised.
“Reactors are complex beasts. The nuclear community has a great number of scientists who have spent their entire careers thinking of all the different ways that things could go wrong,” said Abdel-Khalik, an associate professor of nuclear engineering. “Now things are becoming more digital and we’re relying on computers to make decisions, but computers aren’t human. They can make bad decisions if they are given bad data. That’s the advantage hackers could have right now.”
The Department of Energy’s Nuclear Energy University Program (NEUP) has provided funding for the Purdue-led team to develop tools to measure risk and mitigate the effects of a hypothetical security breach. Although nuclear reactors are inherently safe and have several built-in safety mechanisms, Abdel-Khalik and his colleagues want to construct another layer of defense.
For this project, the researchers will assume that hackers have access to the raw data used to control a reactor. Although obtaining this information would be extremely difficult, the team wants to make the reactor control system smart enough to realize it’s being manipulated.
“Say you have a friend and you’re used to them talking to you in a certain way. If they start saying weird things, or you see them do things that are out of the norm for their behavior, then you know there’s something wrong,” Abdel-Khalik said. “It’s the same for a nuclear reactor. You’re expecting the power, coolant flow and steam level to have certain patterns, and if they start deviating, that should signal to the operator that something is wrong and he should intervene.”
When reactors were designed initially, much more of the operation was manual. If an operator saw something wrong, he or she would intervene right away. Now, control systems are being digitized to make operational and safety-related decisions.
Several nations across the globe have reported cyberattacks on critical infrastructure such as nuclear power plants in recent years, and the frequency and sophistication of the attacks is only increasing. This is because they’re high-reward targets for the attackers, Abdel-Khalik said.
“Attackers are always looking for ways to cause massive destruction, and nuclear reactors are very high-profile,” he said. “If they can say a reactor was hacked, that’s a big win for them. Even if no damage happens in the reactor and it is simply restarted.”
Elisa Bertino, professor of computer science and head of the Cyber Space Security Lab at Purdue, will be working with Abdel-Khalik on the project. The two got started on a small grant from Sandia National Laboratory in 2015 to show that hackers could change the state of a reactor if they had access to raw data from the plant, and through the NEUP funding, they gained the resources to develop a solution.
The NEUP funding is unique and effective because it allows labs and universities to work together. Abdel-Khalik believes that to solve such a complex issue, it will take collaboration between academia, government and industry.
“Academia has always been the birthplace for new ideas. Government labs can take an idea and nurture it to production, and then industry can customize a product for the various applications,” he said.
Abdel-Khalik and Bertino will partner with Virginia Wright, Idaho National Laboratory Program Manager for Domestic Nuclear Cyber Security, Dr. Katrina Groth, an expert on risk and reliability analysis of nuclear power plants at Sandia National Laboratory, and Professor Ayman Hawari, director of North Carolina State University PULSTAR research reactor.
The award notice can be found here.
Source: Purdue University