The Electrical Power Systems (EPS) are indispensable for a Nuclear Power Plant (NPP). The EPS are essential for plant start-up, normal operation, and emergency conditions. Electrical power systems are necessary not only for power generation, transmission, and distribution but also to supply reliable power for plant operation and control system during safe operation, Design Basis Conditions (DBC) and Design Extension Conditions (DEC). According to IAEA Specific Safety Guide SSG-34, EPS are essentially the support systems of many plant equipment. Electrical system, which supply power to plant systems important to nuclear safety, are essential to the safety of an NPP.
In recent years, due to the digitization of Instrumentation and Control (I&C) systems, along with their enhanced accuracy, ease of implementing complex functions and flexibility, have been also exposed to sophisticated cyber threats. Despite physical separation and redundant electrical power supply sources, malicious cyber-attacks performed by insiders or outsiders might disrupt the power flow and result in an interruption in the normal operation of an NPP. Therefore, for the uninterrupted operation of a plant, it is crucial to contemplate cybersecurity in the EPS design and implementation. Considering multiple cyber threats, the main objectives of this research work are finding out security vulnerabilities in electrical power systems, simulating potential cyber-attacks and analyzing the impacts of these attacks on the electrical components to protect the electrical systems against these cyber-attacks.
An EPS testbed at a small scale was set up, which included commercial I&C and electrical equipment significant for the cybersecurity analysis. The testbed equipment comprises of electrical protection relay (IEC 60255), controller, operating panel, engineering workstation computer, simulation model, etc. to monitor and control the power supply of one or more electrical equipment responsible for a regular operation in an NPP. Simulated cybersecurity attacks were performed using this testbed and the outcomes were examined in multiple iterations, after adding or changing security controls (cybersecurity countermeasures). Analyzing the cybersecurity and performing cyber-attacks on these systems are very advantageous for a real power plant to prepare and protect the plant equipment before any malicious attack happens. This research work conclusively presents cybersecurity analysis, including basic and sophisticated cyber-attack scenarios to understand and improve the cybersecurity posture of EPS in an NPP. The approach was completed by considering the process engineering systems (e.g. reactor core cooling systems) as attack targets and investigating the EPS specific security Defense-in-Depth (DiD) design together with the Nuclear Safety DiD concepts.:CHAPTER 1 INTRODUCTION
1.1 Motivation
1.2 Technical Background
1.3 Objectives of the Ph.D. Project
1.4 State of the Art in Science and Technology
CHAPTER 2 FUNDAMENTALS OF CYBERSECURITY AND ELECTRICAL CONTROL AND PROTECTION CONCEPTS
2.1 Electrical Power System
2.2 Electrical Protection System
2.3 Cyber-Physical System
2.4 Industrial Control System
2.5 Safety I&C and Operational I&C Systems
2.6 Safety Objective Oriented Top-Down Approach
2.7 Cybersecurity Concept
2.8 Threat Identification and Characterization in NPP
2.8.1 Design Basis Threat
2.8.2 Attacker Profile
2.8.1 Reported Real-Life NPP Cyber-Attack Examples
2.9 Security Levels
2.10 Summary
CHAPTER 3 CYBER-PHYSICAL PROCESS MODELING
3.1 Introduction
3.2 Single Line Diagrams of Different Operational Modes
3.3 Design
3.4 Block Diagram of Simulink Model
3.5 Implementation of Simulink Blocks
3.5.1 Power Generation
3.5.2 Grid Feed
3.5.3 House Load (Feed Water Pump)
3.6 OPC UA Communication
3.7 Summary
CHAPTER 4 CYBER THREAT SCENARIOS FOR EPS
4.1 Introduction
4.2 Cyber-Physical System for EPS
4.3 Cyber Threats and Threat Sources
4.3.1 Cyber Threats
4.3.2 Threat Sources
4.4 Cybersecurity Vulnerabilities
4.4.1 Vulnerabilities in EPS
4.4.2 Vulnerabilities in ICS
4.5 Attacker Modeling
4.6 Basic Cyber Threat Scenarios for EPS
4.6.1 Scenario-1: Physical Access to Electrical Cabinets
4.6.2 Scenario-2: Modification of Digital Protection Devices
4.7 Potential Advanced Cyber Threat Scenarios for EPS
4.7.1 Scenario-1: Alteration of a Set-point of the Protection Relay
4.7.2 Scenario-2: Injection of Malicious Packets
4.7.3 Scenario-3: False Trip Command
4.7.4 Scenario-4: Availability Attack on Protection Relay or SCADA System
4.7.5 Scenario-5: Permanent Damage to Physical Component
4.7.6 Scenario-6: Protocol-wise Attack on Operator Panel
4.8 Threat Scenario for Simulink model
4.9 Summary
CHAPTER 5 EPS TESTBED DESCRIPTION
5.1 Introduction
5.2 Basic Industrial Automation Architecture
5.3 Need for Testbeds
5.4 Proposed EPS Testbed
5.4.1 Testbed Architecture
5.4.2 Testbed Implementation
5.5 EPS Physical Testbed Applications
5.5.1 Modeling and Simulation of Power System Faults
5.5.2 Modeling of Cyber-Attacks
5.6 Summary
CHAPTER 6 EXPERIMENTAL AND IMPACT ANALYSIS OF CYBER THREAT SCENARIOS
6.1 Outline
6.2 Normal Operation and Control
6.3 Possibilities to Cause Failure in the Primary or Secondary Cooling Systems
6.4 Implementation of Cybersecurity Threat Scenarios
6.4.1 Alteration of a Relay Set-Point during Plant Start-Up Phase
6.4.2 Alteration of a Controller Set-Point during Normal Operation Phase
6.4.3 Availability Attack on Control and Protection System
6.4.4 Severe Damage to a Physical Component due to Overcurrent
6.5 Experimentally Assessed Cyber-attacks
6.6 Summary
CHAPTER 7 SUMMARY AND OUTLOOK
REFERENCES
SCIENTIFIC PUBLICATIONS
GLOSSARY
Identifer | oai:union.ndltd.org:DRESDEN/oai:qucosa:de:qucosa:78695 |
Date | 05 April 2022 |
Creators | Gupta, Deeksha |
Contributors | Hampel, Uwe, Ding, Yongjian, Technischen Universität Dresden |
Source Sets | Hochschulschriftenserver (HSSS) der SLUB Dresden |
Language | English |
Detected Language | English |
Type | info:eu-repo/semantics/publishedVersion, doc-type:doctoralThesis, info:eu-repo/semantics/doctoralThesis, doc-type:Text |
Rights | info:eu-repo/semantics/openAccess |
Relation | 978-3-934409-79-8, 1431-5254, 10.18420/inf2020_35, 10.1063/1.4972948, 10.1063/1.4972939, 10.1115/ICONE25-66037, 10.1115/1.4040372, 10.1115/ICONE26-82411, 10.18420/inf2019_ws28, info:eu-repo/grantAgreement/International Atomic Energy Agency/IAEA CRP J02008/J02008//Enhancing Computer Security Incident Analysis and Response Planning at Nuclear Facilities/CRP |
Page generated in 0.0031 seconds