Modern nuclear power plants (NPPs) use a variety of digital technologies, with new technologies such as wireless sensor networks also under active consideration. Consequently, like other critical infrastructure at increasing risk of cyber-attacks, cyber security for NPPs has become an issue of growing concern. The development of cyber-attack scenarios is therefore a crucial part of cyber security plans for NPPs. However, regulatory guidelines for NPPs only mention the necessity for cyber-attack scenarios, their application methods, and simple examples, without outlining any systematic method to actually develop comprehensive cyber-attack scenarios. This paper proposes a method for developing NPP cyber-attack scenarios that reflect the inherent characteristics and architecture of NPPs using scenario graphs, a type of attack model. Further, the process of modeling scenario graphs using the proposed method and a process for developing new attack scenarios by combining several scenario graphs are discussed. In the scenario graphs, large and complicated system structures are conceptually divided, facilitating identification of components of cyber-attacks. Attack scenarios developed using these scenario graphs can be used extensively to develop design basis threats (DBTs), risk assessments, and penetration tests. Thus, they are important for establishing cyber security plans and programs.