Annals of Nuclear Energy

Volume 99, January 2017, Pages 47-53

Cyber security in nuclear industry – Analytic study from the terror incident in nuclear power plants (NPPs)

https://doi.org/10.1016/j.anucene.2016.09.024

Highlights

  • Cyber terrorism in the NPPs of South Korea provides the motivation for the study.

  • Analyses of cyber terrorism in NPPs are investigated.

  • Designed solutions for cyber terrorism in NPPs are discussed.

  • The South Korean case is considered as the example of cyber terrorism in NPPs.

Abstract

Cyber terrorism against nuclear power plants (NPPs) is investigated in an analytic study following the South Korean case of December 2014. Of the several possible cyber terror attacks, twelve cases are studied as nuclear terror cases, including computer hacking and data stealing. The defense-in-depth concept, which was imported from physical terror analysis, is compared for cyber terrorism. The conventional three conditions of the physical protection system (PPS) are modified as prevention, detection, and response. Six cases are introduced as solutions for the facility against possible cyber terrorism in NPPs. Computer hacking methods and related solutions are analyzed for applications in the nuclear industry. Nuclear security in NPPs could become an extremely serious condition, and remedies are very important for safe plant operations. In addition, a quantitative modeling study is performed.

Introduction

Nuclear terrorism has become an extensive concern, following nuclear safety. Cyber terror in nuclear power plants (NPPs) raised many security issues after the incident that happened in December 2014 in South Korea (Republic of Korea) (ABC, 2014, BBC, 2014, Cho, 2014, Woo and Kwak, 2015). Considering the increasing trend in terror, an attack on a nuclear facility is one of the serious situations. In the attack, it was requested that unless three reactors were closed by Christmas, people should stay away from them (BBC, 2014, Woo and Kwak, 2015). However, there was no attack on the NPPs or other nuclear facilities in South Korea. This paper therefore investigates cyber terror attacks and related matters, including protection protocols. Furthermore, recently (March 12th) the hacker asked for money, revealing some plant drawings and the record of a phone conversation between the Korean president and the United Nations Secretary-General (YTN, 2015). Table 1 shows the three stages of the cyber terror attack on Korea Hydro & Nuclear Power Co. Ltd. (KHNP) (VOA, 2015, Kimb, 2015). Fig. 1 shows the simplified networking system for KHNP, in which the reactor and internal systems are disconnected from the external system (KHNP, 2014). The geological sites of the NPPs are shown on the map in Fig. 2; the sites are located in the south-east region of Korea (NGII, 2015).

Cyber terrorism in NPPs is considered computer-based internet terrorism as well as nuclear terrorism, in which the potential damages could be considered. In the case of cyber terror, the psychological concerns are much higher than in physical terror. Hence, economic damages such as the stagnation of economic activity could increase. As a matter of fact, employees suffered under the maximum alert condition all Christmas Day long. Normal personal routines and other scheduled tasks were delayed or cancelled in order to concentrate on preparations against the possible terror attacks.

Section snippets

Literature review

There have been several computer virus infection incidents in NPPs whose effects could be similar to those of cyber terrorism on NPPs. The Microsoft SQL Slammer worm infected the Davis-Besse NPP in 2003 (US NRC, 2003, Kim, 2014). The excessive traffic in the plant’s integrated computer system network had failed the recirculation pump variable frequency drive (VFD) controllers and the condensate demineralizer controller, equipped with the dual redundant programmable logic controller (PLC) system

Method

The comparisons between general and cyber terror cases are shown in Table 2, where several characteristics are analyzed. In particular, detection can be successful in the cyber terror case, which differs from the general and physical terror cases, because the Internet Protocol (IP) address is identified. However, the hacker can falsify this address to hide criminal activity. This kind of cyber attack is called a spoofing attack, where the attacker could avoid

Data analysis/research

The classification by possible terror attack is based on several documents, which are listed in Table 6 (Hagemann, 2009, IAEA, 1980, IAEA, 1999, IAEA, 2012, Woo and Lee, 2011b). Table 7 lists the consequences in each scenario, for which subjective analyses are performed. In particular, the last one, the cyber war case, is a very unlikely situation, although the terrorists could be in a position to succeed in the war. Many solution methods have been developed in cyber security. There

Modeling

The modeling of nuclear cyber terrorism is performed with a quantitative analysis by the system dynamics (SD) method using the Vensim software (Ventana Systems, 2015). SD, which was created by Dr. Jay Forrester in the 1960s, has been used for modeling simulations in engineering and technology as well as in the social sciences and humanities (System Dynamics Society, 2016). The dynamical modeling covers 60 years, calculating four times per year. Fig. 3 shows the modeling

Results and discussions

In the December 2014 case in South Korea, although no significant event occurred, the psychological disturbance was extremely high because the terrorist threatened that the plant could be destroyed. In addition, it was requested that all residents near the site be evacuated. However, it was not easy to catch the terrorist. According to the information, the IP address was from Shenyang, China. But nobody knew whether the terrorist was from China or not as soon as the incident

Conclusions

Cyber terror against a nuclear facility is another kind of terror attack method. Although the terrorist or the target is not easily seen, the operation of the system is put in a dangerous situation and eventually in a destructive state. The significant points of the study are as follows:

  • Cyber terrorism in the NPPs of South Korea provides the motivation for the study.

  • Analyses of cyber terrorism in NPPs are investigated.

  • Designed solutions for the cyber terrorism in NPPs

References (40)

  • N.I. Zakariya et al. Safety, security and safeguard. Ann. Nucl. Energy (2015)
  • ABC, 2014. South Korea seeks China’s help in probe of cyber attack on nuclear power plant operator....
  • BBC, 2014. S Korea seeks Chinese help over nuclear cyber-attack....
  • M. Cho. South Korea Seeks China’s Cooperation in Probe into Cyberattack on Nuclear Operator (2014)
  • A. Cipollaroa et al. Contributing to the nuclear 3S’s via a methodology aiming at enhancing the synergies between nuclear security and safety. Prog. Nucl. Energy (2016)
  • M.H. da Silva et al. Using virtual reality to support the physical security of nuclear facilities. Prog. Nucl. Energy (2015)
  • Dagouat, C., 2011. Stuxnet Part II: Technical Analysis. ACTU SECU 27,...
  • Hagemann, A., 2009. DBT-Basis for Developing a European Physical Protection Concept, Office of Nuclear Security,...
  • IAEA, 1980. Convention on the Physical Protection of Nuclear Material, INFCIRC/Rev. 1,...
  • IAEA, 1996. Defense in Depth in Nuclear Safety, INSAG-10. A Report by the International Nuclear Safety Advisory...

Cited by (29)

    • Evolution of Safety and Security Risk Assessment methodologies towards the use of Bayesian Networks in Process Industries

      2021, Process Safety and Environmental Protection
      Citation Excerpt :

      Digitalization in Nuclear power plants has led to the involvement of numerous computer networks to control and monitor plant operations by interacting with Programmable Logic Controllers (PLCs) which automates and controls the operations of physical components. A cyber attack on critical systems in the nuclear plants can even lead to release of radio-active elements resulting in severe consequences (Kim, 2014)(Cho and Woo, 2017). There are numerous malwares specifically designed to affect industrial control systems- aimed at 1) gathering sensitive information, 2) modifying normal operations of instrumentation and control systems to result in disasters and 3) disabling security systems, thereby aiding physical intrusions.

    • PWR heat exchanger tube defects: Trends, signatures and diagnostic techniques

      2019, Progress in Nuclear Energy
      Citation Excerpt :

      Wireless sensors are versatile, flexible and relatively cheap to deploy without the extra cost of field cable retrofitting. Save for issues such as sensor network security (Sung and Ho, 2017), software verification, power requirement, interference and sensor failure rates which are current research challenges (Yue and He, 2018; Ko and Lee, 2013; An et al., 2018; Ye et al., 2015; Elghazel et al., 2015; Cho et al., 2017), redundancy and diversity criterion of NPP safety systems can be easily fulfilled and WSN would be indispensable for online monitoring of in-containment equipment and structures. This work presents the state-of-the-art in PWR tube defect inspection and critical issues with the methods and techniques used in heat exchanger defect diagnosis.

    • A systems and control perspective of CPS security

      2019, Annual Reviews in Control
      Citation Excerpt :

      As evidenced by the Jeep-Hack and Stuxnet examples, the impact of cyber-attacks can be significant, as they represent safety-critical infrastructures. In addition to the above applications, CPS security has been investigated in Cho and Woo (2017) for protection methods in nuclear power plants, motivated by the cyber attack in 2014. In Wang, Wang, Shen, Alsaadi, and Hayat (2016), a review on deception and disruption attacks in CPSs has been performed.

    • Game theory based complex analysis for nuclear security using non-zero sum algorithm

      2019, Annals of Nuclear Energy
      Citation Excerpt :

      At that time, the excessive traffic in the plant’s integrated computing networks had failed the recirculation pump variable frequency drive (VFD) controllers and the condensate demineralizer controller, equipped with the dual redundant programmable logic controller (PLC) system (US NRC, 2007; Kim, 2014; Cho and Woo, 2017). Furthermore, the Stuxnet computer worm was found by a Belarus-based security firm (Virus-BlokAda) (Dagouat, 2011; Kim, 2014; Cho and Woo, 2017). Although there was not any physically explosion of nuclear facility where the radioactive materials could be contaminated and provoke the public disaster, the cyber based terrorisms significantly damage to the society.
