Cyber Robust Systems: The Vulnerability of the Current Approach to Cyber Security


Gary Johnson (Independent Researcher, USA)
DOI: 10.4018/978-1-7998-3277-5.ch006


Analysis of the STUXNET attacks on the Natanz gas centrifuge plant illustrated the hazards of a cyber physical attack. STUXNET demonstrated that a cyber-attack can introduce new and malicious functions into I&C systems. Cyber robust nuclear power plant systems may be able to provide a truly independent level of defense in depth against cyber-attacks. The development of cyber robust systems involves identifying the plant's vulnerabilities and using non-digital means where such features can defeat malicious attacks. This is a relatively new idea, so a complete roadmap for it is not yet available. Nevertheless, some principles can be stated, and some methodologies can be discussed.
Chapter Preview


Cyber security for nuclear power plants tends to be the domain of Information Technology (IT) professionals. The IT approach to cyber security is to protect the instrumentation and control systems from cyber-attacks using methods such as anti-virus software, network segregation, intrusion detection, and security patches. It is an important activity that reduces the hazard to the plant by attempting to prevent the introduction or execution of malicious features into the plant instrumentation and control systems. Most of this book deals with the IT approach.

The IT approach reduces the frequency of attacks, but it has several limitations:

  • It depends to a great extent on people faithfully following the cyber security requirements. People are prone to making mistakes and also prone to taking shortcuts that can open pathways for the introduction of cyber threats.

  • It is vulnerable to zero-day attacks.

  • It cannot deal with cyber hazards that existed before the IT features were applied to the systems and equipment that make up an instrumentation and control system. Experts who are familiar with intelligence community information claim that hazardous cyber threats are already present in many of our important instrumentation and control systems (see, for example, Clark, 2010; Sanger, 2018).

  • It is vulnerable to insider threats.

We should expect that some cyber-attacks will be successful. Denial of service attacks and attacks that cause minor damage to the plants are serious problems and will degrade the industry's credibility with the public, but, as long as they are relatively rare, they will be survivable.

On the other hand, attacks that cause a significant release of radioactivity or core damage will be catastrophic to the entire industry. A defense in depth approach is needed to deal with such possibilities. To deal with these cases we must understand the attacks that may result in radiological releases or core damage, and take appropriate action to prevent such attacks or mitigate their consequences.

It is expected that such attacks can come from highly competent and motivated attackers who are employed by nation states or very sophisticated terrorist organizations. Some would argue that nation state attacks are acts of war, and that acts of war do not need to be considered in a nuclear power plant's safety case. But when such a cyber-attack comes, it will be very difficult to confirm its origin. We need only think of the MH370 shoot down to understand the difficulty of proving the source of mysterious attacks. We should understand that if a serious reactor accident is caused by a mysterious cyber-attack, we will not be forgiven for the consequences.

It is also possible that serious radiological releases might be caused by relatively unsophisticated cyber-attacks. We won't know until we examine the possibilities.

Before discussing the needed analytical process, the next section will discuss a real event of this kind.


The Stuxnet Attacks

This section gives a brief overview of the STUXNET attacks on the Natanz gas centrifuge plant to illustrate the hazards of a cyber physical attack. The material in this section is largely derived from Ralph Langner's report "To Kill a Centrifuge" (Langner, 2013). Readers are encouraged to read the full report, which gives a much more complete discussion of the events than is given here.

In 2010 malware was discovered that attacked Siemens Step 7 programmable logic controllers.

Originally, Siemens concluded that the malware had not affected any Siemens users, but investigation work by Langner and others determined that the attack was designed only to attack the Natanz gas centrifuge plant.

Natanz is a gas centrifuge gaseous diffusion plant in Iran. To understand the attacks it is necessary to know how these plants operate. The gas centrifuges at Natanz were intended to enrich uranium. This is done by flowing low enriched uranium through a series of centrifuges. In each centrifuge, the centrifugal action tends to cause the uranium with higher mass to flow in one direction and the uranium with lower mass in the other direction. This process is very inefficient, so a large number of centrifuges are needed to produce significant enrichment. This process can be simply modeled as shown in Figure 1.

Figure 1. A simple model of a gaseous enrichment plant

