Nuclear Cybersecurity Course Development

The inclusion of digital instrumentation and controls into newly constructed nuclear power plants as well as next generation designs has created a need for additional and expanded knowledge and skills to support cyber security operations in nuclear facilities. The need for this expertise will increase with the deployment of advanced reactors, particularly in cases where deployments and designs will include remote and/or autonomous monitoring and control. The objective of this work is the building of a university course in cyber security fundamentals to educate the next generation of personnel in the nuclear field. The concept for this work comes from a survey of topics related to cyber operations presented to students in a nuclear security system design course. Survey results show a high level of interest in topics with little related education and experience, indicating both high demand and value for the future course. These topics formed a basis for the lessons developed for this work and are in line with the guidance set forth in the International Atomic Energy Agency (IAEA) Nuclear Security Series (NSS) No. 42-G and the IAEA Model Academic Curriculum in Nuclear Security (NSS No. 12-T (Rev. 1)). Some of the focused topics for this course of instruction include an introduction to networking, different cyber-attack options, and defensive measures to prevent these attacks. In addition to the class lessons, various assignments and the end of semester project are built using the Advanced Reactor Cyber Analysis and Development Environment (ARCADE) that has been generously provided through collaborative efforts with Sandia National Laboratories. The ARCADE simulated environment includes opportunities to explore how various instrumentation technology such as programmable logic controllers (PLCs) and supervisory control and data acquisition systems (SCADA) are applied to a nuclear power plant and how these devices are networked together to create a cohesive system of systems. These assignments and the project are designed to provide students with a safe environment to experience various cyber intrusions on a simulated network and then work to provide solutions that would bolster defensive capabilities or prevent the intrusion altogether. To this end, multiple iterations of cyber operations are tested in the environment to stress-test the system and provide a clearer idea of what could be seen in present day operations.