Year
2025
Abstract
Defensive Cybersecurity Architecture (DCSA) is a key strategic cybersecurity feature that ensures that the most critical functions (and the systems that perform them) are protected by the greatest number of defensive layers. The “atomic” unit of a DCSA is a cybersecurity zone which has controls at both the physical boundaries (e.g. locked cabinets, secure rooms/barriers, port blockers) and logical boundaries (e.g. firewalls, data diodes). These controls are the “decoupling” mechanisms that separate one zone from another and generally are arranged to protect the zone requiring more stringent protection (e.g., higher security level/classification) than the decoupled zone requiring less protection (e.g., lower security level). Nuclear power plants in the current fleet rely upon air-gaps (physical isolation and physical access control) to decouple zones or data diodes. This decoupling approach limits situational awareness and innovation (e.g., wireless, remote operations) for new Small Modular Reactors (SMRs). To enable innovation, this paper analyzes a spectrum of decoupling strategies (i.e., extreme, strict, logical only, physical only) to provide insights into DCSA optimization strategies necessary to support SMR deployment.