Cybersecurity of operational technologies has been exceedingly difficult to demonstrate with repeatable and meaningful accuracy. For the nuclear industry this uncertainty in cybersecurity effectiveness and its assurance increases regulatory hurdles and has the potential to result in costly implementations. Robust, repeatable, and systematic cybersecurity analysis essential for assisting engineering, design and development as well as to inform sufficient and efficient cybersecurity protections. Many cybersecurity analyses evaluate the system and implementation in the context of attack pathways, vectors and vulnerabilities (i.e., the “penetrate and patch” approach), lacking determinism and limited inclusion of diverse novel attack methods. The Advanced Reactor Cyber Analysis and Development Environment (ARCADE) is intended to provide repeatable and systematic cybersecurity analysis, as well as a development platform to evaluate the efficacy of cybersecurity implementations and methodologies. The ARCADE platform allows plug-and-play operation for common industry simulation tools (e.g., Flownex, Simulink), while providing a generic API for custom AR simulation environments. The integration of high-fidelity physics with software defined network emulations, enables consequencefocused design, a key principle in Cyber Informed Engineering. This paper will describe the development of ARCADE and the use of this platform in evaluating and providing assurance of cybersecurity engineered controls of an AR control system. Finally, future work and development of ARCADE to address the nuclear industry’s needs will be discussed.
Year
2024
Abstract