Cyber-Security Considerations for SMRs to Conduct Load-following
Operations in Korea

In most countries where nuclear power plants (NPPs) are employed for commercial power generation, the NPPs are used as the baseload power sources. The emergence of SMRs brought up several flexible applications that were not feasible with the current large NPPs, such as multiple energy end-products and other industrial uses. One of the novel opportunities is the option to operate SMRs in the load-following mode and take advantage of the expanded capabilities of the latest SMR design considerations offered in Korea. Currently, all nuclear power plants in Korea are not conducting load-following operations and only serve to fulfill the base load. They do not respond to the fluctuating demands that may occur daily or seasonally. Therefore, the baseload NPPs do not have to alter the power production level and act independently. However, if SMRs are utilized as load-following power sources, several issues require operational policies and procedures modification. One area of such change that must be addressed is cyber-security. The SMR integrated control system will likely need to receive frequent control signals from the National Energy Management System (EMS) outside the plant and process the signals to control multiple reactor modules in a coordinated manner to conduct load-following operations. This change will inevitably require an intimate linkage between the power reactor control system and national EMS, as never happened in Korea previously. In this paper, we address the identification of the potential cyber security issues that may arise during the load-following operation and discuss the cyber security measures and considerations that will protect the SMRs from increased connectivity to off-site.