Raw data used to add layer of cyber protection to nuclear plants

Raw data used to control nuclear reactors is to be utilised in a US project to protect nuclear plants from cyber attacks.

Cyber security

Led by Purdue University’s Hany Abdel-Khalik, the collaboration between government and academia will address what the US National Academy of Engineering says is one of the most complex issues engineering has faced.

“Reactors are complex beasts. The nuclear community has a great number of scientists who have spent their entire careers thinking of all the different ways that things could go wrong,” said Abdel-Khalik, an associate professor of nuclear engineering. “Now things are becoming more digital and we’re relying on computers to make decisions, but computers aren’t human. They can make bad decisions if they are given bad data. That’s the advantage hackers could have right now.”

The US Department of Energy’s Nuclear Energy University Program (NEUP) has provided funding for the Purdue-led team to develop tools to measure risk and mitigate the effects of a hypothetical security breach. Although nuclear reactors have several built-in safety mechanisms, Abdel-Khalik and his colleagues want to construct another layer of defence.

For this project, the researchers will assume that hackers have access to the raw data used to control a reactor. Obtaining this information would normally be extremely difficult, but the team wants to make the reactor control system realise it is being manipulated.

“You’re expecting the power, coolant flow and steam level to have certain patterns, and if they start deviating, that should signal to the operator that something is wrong and he should intervene,” said Abdel-Khalik said.

When reactors were first designed, much more of the operation was manual. If an operator saw something wrong, an intervention would immediately take place. Now, control systems are being digitised to make operational and safety-related decisions.

Several nations have reported cyber attacks on critical infrastructure such as nuclear power plants in recent years, and the frequency and sophistication of the attacks is only increasing. This is because they’re high-reward targets for the attackers, Abdel-Khalik said.

“Attackers are always looking for ways to cause massive destruction, and nuclear reactors are very high-profile,” he said. “If they can say a reactor was hacked, that’s a big win for them. Even if no damage happens in the reactor and it is simply restarted.”

Elisa Bertino, professor of computer science and head of the Cyber Space Security Lab at Purdue, will be working with Abdel-Khalik on the project. The two received a small grant from Sandia National Laboratory in 2015 to show that hackers could change the state of a reactor if they had access to raw data from the plant, and through the NEUP funding, they gained the resources to develop a solution.

Nuclear plants at risk from cyber attack